Firewall UDP Packet Source Port 53 Ruleset Bypass

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

Firewall rulesets can be bypassed.

Description :

It is possible to bypass the rules of the remote firewall by sending
UDP packets with a source port equal to 53.

An attacker may use this flaw to send UDP packets to the remote
hosts despite the presence of a firewall.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/0352.html
http://www.nessus.org/u?4368bb37

Solution :

Either contact the vendor for an update or review the firewall rule
settings.
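
One way to carry out the rule review, as an added example that is not part of the Nessus plugin or the referenced advisories. It assumes a Linux netfilter firewall whose ruleset is available as `iptables-save` output; the sample rules and function names are constructed for illustration.

```python
import shlex

# Constructed sample ruleset in iptables-save format (not from the advisory).
SAMPLE_RULES = """\
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.53/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m multiport --sports 53,123 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -j DROP
"""

SRC_PORT = {"--sport", "--source-port", "--sports", "--source-ports"}
SRC_ADDR = {"-s", "--source", "--src-range"}
STATE = {"--ctstate", "--state"}


def covers_port_53(spec):
    """True if a numeric port spec ('53', '53,123', '1:1024') includes 53."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        if low <= 53 <= high:
            return True
    return False


def value_after(tok, names):
    """Values following any of the given options, skipping negated ones."""
    return [tok[i + 1] for i, t in enumerate(tok[:-1])
            if t in names and (i == 0 or tok[i - 1] != "!")]


def risky_rules(ruleset):
    """Return (line_number, rule) for stateless UDP source-port-53 accepts."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        tok = shlex.split(line)
        if (not tok or tok[0] != "-A" or value_after(tok, {"-j"}) != ["ACCEPT"]
                or not set(value_after(tok, {"-p"})) & {"udp", "17"}
                or not any(covers_port_53(p) for p in value_after(tok, SRC_PORT))):
            continue
        # Reply-only state matching, or a fixed source address, narrows the rule.
        states = ",".join(value_after(tok, STATE)).split(",")
        stateful = states != [""] and "NEW" not in states
        if not (stateful or value_after(tok, SRC_ADDR)):
            findings.append((lineno, line))
    return findings
```

Rules it reports accept any UDP datagram whose source port is 53, which is the condition the description above relies on; replacing them with connection-tracked reply rules removes that condition.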

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: Firewalls

Nessus Plugin ID: 11580 (kerio_PF_udpbypass.nasl)

Bugtraq ID: 7436, 11237

CVE ID: CVE-2003-1491, CVE-2004-1473