-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200401-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Honeyd remote detection vulnerability via a probe packet
Date: January 21, 2004
Bugs: #38934
ID: 200401-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Identification of Honeyd installations allows an adversary to launch
attacks specifically against Honeyd. No remote root exploit is currently
known.

Background
==========

Honeyd is a virtual honeypot daemon that can simulate virtual hosts on
unallocated IP addresses.

Description
===========

A bug in handling NMAP fingerprints caused Honeyd to reply to TCP
packets with both the SYN and RST flags set. Watching for replies, it is
possible to detect IP addresses simulated by Honeyd.
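
An added example, not part of the advisory or of Honeyd: a monitoring check that flags inbound TCP segments carrying both SYN and RST toward honeypot addresses, which is what the probe described above looks like on the wire. The addresses, the `build_packet` helper and the sample packets are constructed for illustration.

```python
import socket
import struct

SYN, RST = 0x02, 0x04

def parse_tcp(packet):
    """Return (src, dst, dport, flags) for an unfragmented IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IP header length; options move the TCP header
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 14:
        return None                         # malformed, later fragment, or truncated
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            dport, packet[ihl + 13])

def syn_rst_probes(packets, honeypot_addrs):
    """List (src, dst, dport) for SYN+RST segments aimed at honeypot addresses."""
    hits = []
    for raw in packets:
        parsed = parse_tcp(raw)
        if parsed is None:
            continue
        src, dst, dport, flags = parsed
        if dst in honeypot_addrs and (flags & (SYN | RST)) == (SYN | RST):
            hits.append((src, dst, dport))
    return hits

def build_packet(src, dst, dport, flags, ip_options=b""):
    """Constructed test input: minimal IPv4+TCP headers, checksums left at zero."""
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_options
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

HONEYPOTS = {"192.0.2.10", "192.0.2.11"}    # assumed honeypot addresses (documentation range)
SAMPLE = [                                  # constructed packets, not captured traffic
    build_packet("198.51.100.7", "192.0.2.10", 80, SYN),
    build_packet("198.51.100.7", "192.0.2.10", 80, SYN | RST),
    build_packet("198.51.100.7", "192.0.2.11", 22, SYN | RST, ip_options=b"\x01" * 4),
    build_packet("198.51.100.7", "192.0.2.200", 80, SYN | RST),   # not a honeypot address
    build_packet("198.51.100.9", "192.0.2.10", 25, RST),
]

if __name__ == "__main__":
    for src, dst, dport in syn_rst_probes(SAMPLE, HONEYPOTS):
        print(f"SYN+RST probe from {src} to honeypot {dst}:{dport}")
```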

Impact
======

Although there are no public exploits known for Honeyd, the detection of
Honeyd IP addresses may in some cases be undesirable.

Workaround
==========

Honeyd 0.8 has been released along with an advisory [1] to address
this issue. In addition, Honeyd 0.8 drops privileges if permitted by the
configuration file and contains command line flags to force dropping of
privileges.

Resolution
==========

Users are encouraged to upgrade to honeyd version 0.8:

    $> emerge sync
    $> emerge -pv ">=net-analyzer/honeyd-0.8"
    $> emerge ">=net-analyzer/honeyd-0.8"

References
==========

[1]: http://www.honeyd.org/adv.2004-01.asc

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFADubOMMXbAy2b2EIRAkzfAJwJeaiMqdeINF8CQWEzHVfqmVMwOACfRb5z
Ql1u/vsisa9WTwXijsh4+KI=
=nEUc
-----END PGP SIGNATURE-----