CVE-2019-5598 - OpenCVE

In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:11.2:-::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p2::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p3::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p4::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p5::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p6::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p7::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p9::::::
	cpe:2.3:o:freebsd:freebsd:11.2:rc3::::::
	cpe:2.3:o:freebsd:freebsd:12.0:-::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p3::::::

References

Link	Resource
http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/108395
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20190611-0001/
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.synacktiv.com/posts/systems/icmp-reachable.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: freebsd

Published: 2019-05-15T15:27:30

Updated: 2019-07-23T22:31:53

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5598

JSON object: View

NVD Information

Status : Modified

Published: 2019-05-15T16:29:01.080

Modified: 2019-06-11T23:29:00.840

Link: CVE-2019-5598

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "n/a", "versions": [{"status": "affected", "version": "FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable."}], "problemTypes": [{"descriptions": [{"description": "Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-23T22:31:53", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc"}, {"tags": ["x_refsource_MISC"], "url": "https://www.synacktiv.com/posts/systems/icmp-reachable.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html"}, {"name": "108395", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108395"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190611-0001/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2019-5598", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Check for Unusual or Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc", "refsource": "MISC", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc"}, {"name": "https://www.synacktiv.com/posts/systems/icmp-reachable.html", "refsource": "MISC", "url": "https://www.synacktiv.com/posts/systems/icmp-reachable.html"}, {"name": "http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html"}, {"name": "108395", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108395"}, {"name": "https://security.netapp.com/advisory/ntap-20190611-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190611-0001/"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}]}}}}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2019-5598", "datePublished": "2019-05-15T15:27:30", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2019-07-23T22:31:53", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*", "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*", "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*", "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*", "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*", "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*", "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*", "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*", "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "878DF67E-420A-4229-BEA8-DB9F7161ED9A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable."}, {"lang": "es", "value": "n FreeBSD 11.3-PRERELEASE antes de r345378, 12.0-ESTABLE antes de r345377, 11.2-RELEASE antes de 11.2-RELEASE-p10, y 12.0-RELEASE antes de 12.0-RELEASE-p4, un error en pf no verifica si el paquete ICMP exterior o ICMP6 tiene la misma IP de destino que la IP de la fuente del paquete de protocolo interno permitiendo la creaci\u00f3n maliciosa de un paquete ICMP / ICMP6 podr\u00eda eludir las reglas de el Packet Filter y pasar a un host que de lo contrario estar\u00e1 inhabilitado."}], "id": "CVE-2019-5598", "lastModified": "2019-06-11T23:29:00.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-15T16:29:01.080", "references": [{"source": "secteam@freebsd.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html"}, {"source": "secteam@freebsd.org", "url": "http://www.securityfocus.com/bid/108395"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc"}, {"source": "secteam@freebsd.org", "url": "https://security.netapp.com/advisory/ntap-20190611-0001/"}, {"source": "secteam@freebsd.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory"], "url": "https://www.synacktiv.com/posts/systems/icmp-reachable.html"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}