多个个人防火墙外出包可绕过漏洞

发布时间：2001-12-10
更新时间：2001-12-10
严重程度：中
威胁程度：欺骗
错误类型：意外情况处置错误
利用方式：服务器模式

受影响系统

Tiny Personal Firewall 1.0
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Tiny Personal Firewall 2.0
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Zone Labs ZoneAlarm 2.1
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Zone Labs ZoneAlarm 2.2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Zone Labs ZoneAlarm 2.3
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Zone Labs ZoneAlarm 2.4
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Zone Labs ZoneAlarm 2.5
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Zone Labs ZoneAlarm 2.6
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows XP
Zone Labs ZoneAlarm Pro 2.4
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Zone Labs ZoneAlarm Pro 2.6
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a

由于设计错误，可以导致外出信息包绕过一些个人防火墙的包过滤规则。

许多应用程序只阻塞那些有标准WINDOWS协议适配器产生的包，所以那些非
标准WINDOWS协议产生的包可以绕过防火墙规则。

Tiny Personal Firewall, ZoneAlarm 和 ZoneAlarm Pro 存在此漏洞。

http://www.securityfocus.com/data/vulnerabilities/exploits/ob.zip

Tom Liston <tliston@premmag.com>.
参考：http://www.securityfocus.com/archive/1/244026

Microsoft Windows 2000 Internet Key 交换存在拒绝服务攻击

Microsoft Windows 2000 SP2
   + Microsoft Windows 2000
Microsoft Windows 2000 SP1
   + Microsoft Windows 2000
Microsoft Windows 2000

详细描述
Internet Protocol Security (IPSec) 提供IP网络通信的认证和加密，Internet Key Exchange (IKE) 协议是管理协议标准被IPSEC标准使用，IKE针对IPSEC的标准默认存在UDP 500端口监听。

不过IKE中存在一个漏洞可以导致W2K停止响应。

连接端口500和持续发送任意数据包，可以导致CPU利用率达到100%。

系统必须重新启动才能获得正常功能。

测试代码
尚无

解决方案
尚无

相关信息
c0redump <c0redump@ackers.org.uk>.
参考：http://www.securityfocus.com/archive/1/244265

最近严重漏洞

多个个人防火墙外出包可绕过漏洞