Multiple BSD ipfw / ip6fw ECE Bit Filtering Evasion

This script is Copyright (C) 2004-2014 Andrey I. Zakharov and John Lampe


Synopsis :

Firewalling rules may be circumvented.

Description :

The remote host seems to be vulnerable to a bug wherein a remote attacker
can circumvent the firewall by setting the ECE bit within the TCP
flags field. At least one firewall (ipfw) is known to exhibit this
sort of behavior.

Known vulnerable systems include all FreeBSD 3.x, 4.x, 3.5-STABLE, and
4.2-STABLE.

Solution :

If you are running FreeBSD 3.x, 4.x, 3.5-STABLE, or 4.2-STABLE, upgrade
your firewall. If you are not running FreeBSD, contact your firewall
vendor for a patch.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 12118 (ece_flag.nasl)

Bugtraq ID: 2293

CVE ID: CVE-2001-0183