IEEE 802.11b Arp Cache Poisoning Man-in-the-Middle Vulnerability
BugTraq ID: 3460
Remote: Yes
Date Published: Oct 22 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3460
Summary:
802.11b is the wireless protocol specification published by the IEEE. A problem in the implementation of the standard could allow an arbitrary user on the wireless network to perform a man-in-the-middle attack. This attack could be launched from the wireless network, and affect any host on the wireless or wired network within the same broadcast domain.

The problem is in the implementation of the 802.11b protocol, in relation to Address Resolution Protocol requests. Like standard Ethernet, 802.11b relies on the Address Resolution Protocol (ARP) to map Internet Protocol (IP) addresses to hardware addresses when finding hosts on the local network. Also like standard Ethernet, ARP is broadcast over the entire broadcast domain, which includes the wireless network as well as the wired network, and is cached on all systems within the broadcast domain. The Wireless Access Point typically acts as a hub, forwarding ARP traffic across its interfaces.

It is possible to use one of many available ARP spoofing tools, or to manually spoof ARP requests, to re-route traffic intended for a host through an arbitrary host. Due to the forwarding of ARP traffic across the Wireless Access Point, it is possible to re-route traffic from systems both on the wireless network and on the wired network, up to and including the router.

This vulnerability may be exploited only within the confines of the local network, or broadcast domain. ARP traffic is not forwarded across the router (with the exception of some configurations that use tunnels to forward ARP requests, which could place segments of the network that receive tunnelled ARP traffic at risk).

HP Secure OS Software for Linux Filesystem Protection Vulnerability
BugTraq ID: 3468
Remote: Unknown
Date Published: Oct 23 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3468
Summary:
HP Secure OS Software for Linux is a package of software and kernel modifications offering a variety of security enhancements to Linux, including additional file system controls.
A vulnerability in version 1.0 of the software may allow user privileges on some files that go against the restrictions specified in the file system protection rules. This may allow user access to files forbidden in the file system control rules.

6Tunnel Connection Close State Denial of Service Vulnerability
BugTraq ID: 3467
Remote: Yes
Date Published: Oct 23 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3467
Summary:
6tunnel is a freely available, open source software package designed to provide IPv6 functionality to hosts that do not comply with the standard. It works by creating IPv6 tunnels. A problem in the software package makes it possible for a user to deny service to legitimate users of the service.

The problem is in the management of sockets by the program. When a connection is closed by a client, the socket previously used by the connected client enters the CLOSE state and does not time out, thus never returning to the socket pool. After a large number (exact figure unknown) of sockets enter the CLOSE state, 6tunnel becomes unstable and crashes.

This problem can allow a remote attacker to attempt numerous connects and disconnects to the 6tunnel server, creating a pool of sockets in the CLOSE state. Upon reaching a large enough number, the service crashes, resulting in a denial of service.
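
The ARP cache poisoning described in the 802.11b entry above (BugTraq ID 3460) appears on the wire as an IP address suddenly being claimed by a different hardware address. The following is an added example, not part of the original advisory: a passive monitor that parses captured ARP frames and flags such changes. The class and function names, the sample addresses, and the idea of pinning the router's binding out of band are assumptions of this example.

```python
import struct
from collections import namedtuple
Alert = namedtuple("Alert", "kind ip expected seen")
_mac = lambda b: ":".join(f"{x:02x}" for x in b)
_ip = lambda b: ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # too short, or EtherType is not ARP
        return None
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[6:12]), _mac(sha), _ip(spa)

class ArpMonitor:
    def __init__(self, pinned=None):
        self.pinned = dict(pinned or {})   # bindings known out of band, e.g. the router
        self.learned = {}                  # bindings learned from observed traffic

    def observe(self, frame):
        """Return a list of Alerts raised by one captured frame."""
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] == "0.0.0.0":   # skip non-ARP frames and ARP probes
            return []
        eth_src, sha, spa = parsed
        alerts = []
        if eth_src != sha:                 # ARP payload disagrees with the frame header
            alerts.append(Alert("eth-src-mismatch", spa, eth_src, sha))
        known = self.pinned.get(spa) or self.learned.get(spa)
        if known and known != sha:
            kind = "pinned-violation" if spa in self.pinned else "binding-changed"
            alerts.append(Alert(kind, spa, known, sha))
        if spa not in self.pinned:         # never let traffic overwrite a pinned entry
            self.learned[spa] = sha
        return alerts

def build_arp(eth_src, sha, spa, op=2):
    """Build a constructed 42-byte ARP frame (sample data for this example only)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (b"\xff" * 6 + m(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + m(sha) + i(spa) + b"\x00" * 10)

if __name__ == "__main__":
    mon = ArpMonitor(pinned={"192.168.1.1": "aa:aa:aa:aa:aa:01"})   # constructed addresses
    rogue = "cc:cc:cc:cc:cc:99"
    print(mon.observe(build_arp(rogue, rogue, "192.168.1.1")))
```

A "binding-changed" alert can also be caused by a legitimate hardware swap or address reassignment, so it needs to be checked against known changes; a "pinned-violation" for the router's address should not occur in normal operation.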
