Update Protection against FreeBSD NFS Mount Request Denial Of Service Vulnerability
| Check Point Reference: | CPAI-2006-032 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | FreeBSD Security Advisory FreeBSD-SA-06:10.nfs | |
| Industry Reference(s): | CVE-2006-0900 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? All FreeBSD releases. | ||
| Vulnerability Description FreeBSD is an advanced UNIX-based operating system for numerous processor architectures. The Network File System (NFS) provides remote access to shared file systems across networks. NFS is built on top of the Sun Remote Procedure Call (RPC) framework. A vulnerability was detected in the way the NFS server handles incoming RPC messages via TCP. By sending RPC messages to an affected FreeBSD system, a remote attacker may crash the FreeBSD system. |
||
|
Update/Patch Available FreeBSD has released an advisory including patch information to address this issue. See http://lists.freebsd.org/pipermail/freebsd-security/2006-March/003571.html. |
|
|
Vulnerability Details The Network File System (NFS) allows a host to export some or all of its filesystems so that other hosts can access them over the network and mount them as if they were on local disks. NFS is built on top of the Sun Remote Procedure Call (RPC) framework. An error was detected in the part of the NFS server code that handles incoming RPC messages via TCP. When the server receives a message with a zero-length payload, it would cause a NULL pointer dereference, allowing a remote attacker capable of sending RPC messages to an affected FreeBSD system to crash the FreeBSD system. |
Protection Overview
By enabling the protection, SmartDefense will not transfer specially crafted UNIX RPC packets with a zero-length payload that may crash the server.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The update also includes the following protections:
- Enhancement to the Microsoft Windows Media Player Vulnerability (CPAI-2006-016)
- Trojan Spy Goldun.de Protection (CPAI-2006-025)
- ezDatabase Remote File Inclusion Protection (CPAI-2006-026)
- TFTPD32 Request Error Message Format String Protection (CPAI-2006-027) - InterSpect NGX only
- Cisco IOS CDP Status Page Code Injection Protection (CPAI-2006-028)
- SHOUTcast Filename Request Format String Protection (CPAI-2006-029)]
- Oracle Report File Overwrite/Oracle Report Directory Traversal Protection (CPAI-2006-030)
- Google Talk via Gmail Web Interface Protection (CPSA-2006-02)
- IBM Tivoli Access Manager Directory Traversal Protection (CPAI-2006-031)
- Protection against PmWiki multiple vulnerabilities.
VPN-1 NGX R61
How Can I Protect My Network?
1. Update your SmartDefense: Click the SmartDefense Services tab, In the left pane from the drop-down list, click Download Updates and then click the Online Update button.
2. In the SmartDefense tree, click Application Intelligence > SUN-RPC > NFS and enable Illegal Mount Request. 
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Malformed SUN-RPC over TCP Packet
Attack Information: Illegal Mount Request
VPN-1 NGX R60 / VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. Update your SmartDefense: Click the SmartDefense Services tab, In the left pane from the drop-down list, click Download Updates and then click the Online Update button.
2. In the SmartDefense tree, click Application Intelligence > SUN-RPC > NFS and enable Illegal Mount Request.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Malformed SUN-RPC over TCP Packet
Attack Information: Illegal Mount Request
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. Update your SmartDefense: Click the SmartDefense Services tab, In the left pane from the drop-down list, click Download Updates and then click the Online Update button.
2. In the SmartDefense tree, click Application Intelligence > SUN-RPC > NFS and enable Illegal Mount Request.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule 999249.
InterSpect NGX
How Can I Protect My Network?
1. Update your SmartDefense: Click the SmartDefense Services tab, In the left pane from the drop-down list, click Download Updates and then click the Online Update button.
2. In the SmartDefense tree, click Application Intelligence > SUN-RPC > NFS and enable Illegal Mount Request.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Malformed SUN-RPC over TCP Packet
Attack Information: Illegal Mount Request
InterSpect 2.0
How Can I Protect My Network?
1. Update your SmartDefense: Click the SmartDefense Services tab, In the left pane from the drop-down list, click Download Updates and then click the Online Update button.
2. In the SmartDefense tree, click Application Intelligence > SUN-RPC > NFS and enable Illegal Mount Request.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Malformed SUN-RPC over TCP Packet
Attack Information: Illegal Mount Request