NetScreen非IP协议流量绕过防火墙漏洞

/ns/ld/softld/data/20031017195703.htm

发布时间：2003-07-09
更新时间：2003-07-12
严重程度：低
威胁程度：其它
错误类型：设计错误
利用方式：服务器模式

BUGTRAQ ID：8150

受影响系统
NetScreen ScreenOS 3.1.1r2
NetScreen ScreenOS 3.1.0r9
NetScreen ScreenOS 3.1.0r2
NetScreen ScreenOS 3.1.0r1
NetScreen ScreenOS 3.1.0
NetScreen ScreenOS 3.0.0r4
NetScreen ScreenOS 3.0.0r3
NetScreen ScreenOS 3.0.0r2
NetScreen ScreenOS 3.0.0r1
NetScreen ScreenOS 3.0.0
NetScreen ScreenOS 2.8.0r1
NetScreen ScreenOS 1.7
NetScreen ScreenOS 1.64
NetScreen ScreenOS 1.66 r2
NetScreen ScreenOS 1.66
NetScreen ScreenOS 1.73 r2
NetScreen ScreenOS 1.73 r1
NetScreen ScreenOS 2.0.1 r8
NetScreen ScreenOS 2.1 r7
NetScreen ScreenOS 2.1 r6
NetScreen ScreenOS 2.1
NetScreen ScreenOS 2.5 r6
NetScreen ScreenOS 2.5 r2
NetScreen ScreenOS 2.5 r1
NetScreen ScreenOS 2.5
NetScreen ScreenOS 2.6
NetScreen ScreenOS 2.6.1 r5
NetScreen ScreenOS 2.6.1 r4
NetScreen ScreenOS 2.6.1 r3
NetScreen ScreenOS 2.6.1 r2
NetScreen ScreenOS 2.6.1 r1
NetScreen ScreenOS 2.6.1
NetScreen ScreenOS 2.7.1 r3
NetScreen ScreenOS 2.7.1 r2
NetScreen ScreenOS 2.7.1 r1
NetScreen ScreenOS 2.7.1
NetScreen ScreenOS 2.8
NetScreen ScreenOS 2.10 r4
NetScreen ScreenOS 2.10 r3
NetScreen ScreenOS 3.0.1 r2
NetScreen ScreenOS 3.0.1 r1
NetScreen ScreenOS 3.0.1
NetScreen ScreenOS 3.0.2
NetScreen ScreenOS 3.0.3 r1.1
NetScreen ScreenOS 3.0.3
NetScreen ScreenOS 4.0 -DIAL
NetScreen ScreenOS 4.0
NetScreen ScreenOS 4.0.1
NetScreen ScreenOS 4.0.3
详细描述
NetScreen 25、50、204、208、500、5200及5400系统默认运行于bridge模式下，不进行IP包的转发，在某些配置情况下，紧邻防火墙的设备可以在链路层发送非IP协议的数据帧（比如Netware SAP）使之通过防火墙攻击墙后的IPX机器。

解决方案
厂商还未提供解决方案。

相关信息
NetScreen Advisory 57605 http://www.netscreen.com/services/security/alerts/advisory-57605.txt

=========================
文章类型:转载 提交:Achieve 核查:NetDemon