A vulnerability has been discovered by Johnathan Looney at the Juniper SIRT in FreeBSD (base for Junos and many other products) in the way that FreeBSD processes certain TCP packets (https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc) If you send TCP SYN packets for an existing connection (i.e. the correct source IP, source port, destination IP, destination port combination) the operating system will tear down the connection.
The attack is similar to the "slipping in the TCP window" attack described back in 2004 by Paul Watson (http://packetstormsecurity.com/files/author/3245/), but using SYN packets instead of RST. One of the Handlers has successfully reproduced the attack in their lab.
For those of you that don't have FreeBSD in your environment, you probably do. There are a number of products that utilise FreeBSD as their base operating system. A few that spring to mind are OSX, Bluecoats, CheckPoint, Netscaler and more (A partial list is here http://en.wikipedia.org/wiki/List_of_products_based_on_FreeBSD).
Keep an eye out for updates from your vendors, Juniper's is here --> http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10638&cat=SIRT_1&actp=LIST
'취약점 정보1' 카테고리의 다른 글
bash에 존재하는 「Shellshock "취약점에 대한주의 (0) | 2014.09.27 |
---|---|
Major Android Bug is a Privacy Disaster (CVE-2014-6041) (0) | 2014.09.19 |
Multiple Android applications fail to properly validate SSL certificates (0) | 2014.09.09 |
WebEdition 6.3.8-s1 SQL Injection Vulnerability (0) | 2014.09.08 |
Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability (0) | 2014.08.18 |