Vulnerabilities > CVE-1999-0511 - Unspecified vulnerability in Microsoft Windows 2000 and Windows NT

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
nessus

Summary

IP forwarding is enabled on a machine which is not a router or firewall.

Vulnerable Configurations

Part Description Count
OS
Microsoft
2

Nessus

NASL family: Firewalls
NASL id: IP_FORWARDING_ENABLED.NASL
description: The remote host has IP forwarding enabled. An attacker can exploit this to route packets through the host and potentially bypass some firewalls / routers / NAC filtering. Unless the remote host is a router, it is recommended that you disable IP forwarding.
last seen: 2020-03-18
modified: 2010-11-23
plugin id: 50686
published: 2010-11-23
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/50686
title: IP Forwarding Enabled
code
#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#

# The probe further down relies on inject_packet(); when the scan engine does
# not provide it, the plugin exits quietly instead of failing later.
if ( ! defined_func("inject_packet") ) exit(0);

include("compat.inc");

# Metadata registration. When `description` is set, the plugin only declares
# its id, CVE mapping, report text and scoring, then exits (see the exit(0) at
# the end of this block) before any packet is sent.
if (description)
{
 script_id(50686);
 script_version("1.11");
 script_set_attribute(attribute:"plugin_modification_date", value:"2019/03/06");

 script_cve_id("CVE-1999-0511");

 script_name(english:"IP Forwarding Enabled");
 script_summary(english:"Determines whether IP forwarding is enabled on the remote host.");

 script_set_attribute(attribute:"synopsis", value:
"The remote host has IP forwarding enabled.");
 script_set_attribute(attribute:"description", value:
"The remote host has IP forwarding enabled. An attacker can exploit
this to route packets through the host and potentially bypass some
firewalls / routers / NAC filtering. 

Unless the remote host is a router, it is recommended that you disable
IP forwarding.");
 # NOTE(review): the Linux and Mac OS X commands in the solution text change
 # the running kernel only, so the setting would normally also have to be made
 # persistent (e.g. via the system's sysctl configuration) to survive a reboot.
 # The Windows registry value typically needs a restart to take effect.
 # Confirm per platform. The text covers IPv4 forwarding only.
 script_set_attribute(attribute:"solution", value:
"On Linux, you can disable IP forwarding by doing :

echo 0 > /proc/sys/net/ipv4/ip_forward

On Windows, set the key 'IPEnableRouter' to 0 under

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

On Mac OS X, you can disable IP forwarding by executing the command :

sysctl -w net.inet.ip.forwarding=0

For other systems, check with your vendor.");
 # AV:A (adjacent network) in this CVSS v2 vector matches the islocalnet()
 # requirement of the check itself: the probe only runs against hosts on the
 # scanner's own segment.
 script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");

 script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/23");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # Registered as an information-gathering check.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
 script_family(english:"Firewalls");

 exit(0);
}

include("raw.inc");

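# Active IPv4 forwarding check.
#
# A UDP datagram is built whose IP source is a random 169.254.x.y address and
# whose IP destination is the scanner's own address (compat::this_host()). It
# is wrapped in an Ethernet frame addressed to the MAC returned by
# get_gw_mac_addr() (presumably the target's MAC, since the target must be on
# the local network; verify against raw.inc). If the same datagram is then
# captured coming back to the scanner's MAC with that address as the Ethernet
# source, the host relayed a packet that was not addressed to it, and the
# finding is reported.
#
# Scope: IPv4 over Ethernet, same segment only. IPv6 forwarding is not assessed.
if ( TARGET_IS_IPV6 ) exit(0, "IPv4 check.");
if ( islocalhost() ) exit(0, "Can't check against localhost.");
if ( ! islocalnet() ) exit(1, "Remote host is not on the local network.");
ll = link_layer();
# Anything shorter than an Ethernet header (14 bytes) is not Ethernet.
if ( strlen(ll) < 14 ) exit(0, "Not ethernet.");

# Random ports and a random link-local source make the probe easy to pick out
# of unrelated traffic in the capture filter below.
udp_src = rand() % 64000 + 1024;
udp_dst = rand() % 64000 + 1024;
src = string("169.254.", rand()%253 + 1, ".", rand()%253 + 1);
smac = get_local_mac_addr();
dmac = get_gw_mac_addr();

# Defensive guard: the frame header and the byte-wise filter below both assume
# two 6-byte MAC addresses. Stop here rather than inject a malformed frame.
if ( isnull(smac) || isnull(dmac) || strlen(smac) != 6 || strlen(dmac) != 6 )
 exit(1, "Failed to determine the MAC addresses needed to build the probe.");

pkt = mkpacket(ip(ip_p:IPPROTO_UDP, ip_src:src, ip_dst:compat::this_host()), udp(uh_sport:udp_src, uh_dport:udp_dst));
# Ethernet header: destination MAC, source MAC, EtherType 0x0800 (IPv4).
ethernet = dmac + smac + mkword(0x0800);

# Only accept frames whose Ethernet destination (bytes 0-5) is our own MAC.
filt = NULL;
for ( i = 0 ; i < 6 ; i ++ )
{
 if ( filt ) filt += " and ";
 filt += "ether[" + i + "] = " + getbyte(blob:smac, pos:i) + " ";
}

# The capture filter does not change between attempts, so build it once.
capture_filter = "udp and src port " + udp_src + " and dst port " + udp_dst + " and src host " + src + " and dst host " + compat::this_host() + " and " + filt;

# Up to three attempts, one second each.
for ( i = 0 ; i < 3; i ++ )
{
 r = inject_packet(packet:ethernet + pkt, filter:capture_filter, timeout:1);
 if ( r ) break;
}

if ( r )
{
 # Report only when the returned frame is addressed to us (bytes 0-5) and was
 # sent from the MAC the probe was addressed to (bytes 6-11).
 if ( substr(r, 0, 5) == smac &&
      substr(r, 6, 11) == dmac ) security_warning(0);
 else exit(0, "A matching packet was captured, but it was not sent from the remote host's MAC address.");
}
# NOTE(review): no reply only shows that this one probe was not relayed back.
# A host that forwards but drops link-local sources would presumably also end
# up here, so confirm against the host's local configuration when it matters.
else exit(0, "IP forwarding is not enabled on the remote host.");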