AIX Filtering Vulnerability
--------------------------------------------------------------------------------
SUMMARY
Due to the way AIX Filtering services work, a remote user can access
services which listen on unprivileged ports higher than 32767.
DETAILS
Vulnerable systems:
IBM AIX 4.3.2
The AIX Filtering module stores port numbers in a short integer, which is
limited to values of 32767 and below. This makes it possible to bypass the
filtering rules when a remote computer tries to access port numbers higher
than 32767.
Trying to create the following rules shows this problem:

    genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 0.0.0.0 -M 0.0.0.0 \
        -c udp -o any -O eq -P 123 -l n -w I -i all

Works fine, but:

    genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 0.0.0.0 -M 0.0.0.0 \
        -c udp -o any -O eq -P 32768 -l n -w I -i all

Fails with: Bad destination port/ICMP type "32768".
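
The limit described above, as an added example that is not part of the original advisory and is not AIX source code: a C model of a port parser that stores the value in a signed short, beside one that uses an unsigned 16-bit type. All function names and the sample port list are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a base-10 integer; reject empty input, overflow and trailing garbage. */
static int parse_long(const char *s, long *v) {
    char *end;
    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    *v = strtol(s, &end, 10);
    return (errno != 0 || *end != '\0') ? -1 : 0;
}

/* Model of the flaw: the port must fit a signed short (max 32767). */
int parse_port_short(const char *s, short *out) {
    long v;
    if (parse_long(s, &v) != 0 || v < 0 || v > SHRT_MAX) return -1;
    *out = (short)v;
    return 0;
}

/* Corrected form: the full port range 0..65535 fits an unsigned 16-bit value. */
int parse_port_u16(const char *s, uint16_t *out) {
    long v;
    if (parse_long(s, &v) != 0 || v < 0 || v > UINT16_MAX) return -1;
    *out = (uint16_t)v;
    return 0;
}

/* Count valid ports for which the short-based parser cannot express a rule. */
int count_unfilterable(const char *const ports[], int n) {
    int i, gap = 0;
    short s;
    uint16_t u;
    for (i = 0; i < n; i++)
        if (parse_port_u16(ports[i], &u) == 0 &&
            parse_port_short(ports[i], &s) != 0)
            gap++;
    return gap;
}

int main(void) {
    /* Constructed sample: port numbers a host might have listeners on. */
    const char *const listeners[] = { "123", "32767", "32768", "65535", "70000" };
    printf("valid ports with no expressible rule: %d\n",
           count_unfilterable(listeners, 5));
    return 0;
}
```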
ADDITIONAL INFORMATION
The vulnerability was discovered by: Brumbles <[EMAIL PROTECTED]>.