[Vulnerable] Sygate Personal Firewall PRO

14/06/2004 - 17:03 por Ille Corvus | Informe spam
Sygate Personal Firewall PRO Fail-Safe Feature Can Be Bypassed By
Local Users
http://www.securitytracker.com/aler...10480.html


Impact: Host/resource access via network, Modification of system
information

Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): PRO 5.5 Build 2525

Description: Tan Chew Keong of SIG^2 reported a vulnerability in
Sygate Personal Firewall PRO. A local user or application can disable
the firewall's fail-safe feature.

It is reported that the driver implementation (teefer.sys) contains a
flaw that allows a local application to disable the fail-safe feature.
Ordinarily, the fail-safe feature will block all traffic when the
firewall service (smc.exe) is not loaded.

The report indicates that the driver does not authenticate received
control codes to ensure that they originated from the firewall
application. As a result, a local application can cause 'smc.exe' to
crash and then can communicate directly with the device
(\\device\Teefer) to disable the fail-safe protection.

The vendor was reportedly notified on May 30, 2004.

The original advisory is available at:
http://www.security.org.sg/vuln/spfp.html

Impact: A local user can disable the fail-safe feature.

Solution: No solution was available at the time of this entry. The
vendor is reportedly working on a fix for an upcoming release.
Vendor URL: soho.sygate.com/products/spf_pro.htm (Links to External
Site)

Cause: Authentication error, State error

Underlying OS: Windows (Any)


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."

Preguntas similare

Leer las respuestas

#1 Anonimo
14/06/2004 - 21:48 | Informe spam
Tella MIRA es VULNERABLE, que vas a decir ahora JuuuaaasSSS



Sygate Personal Firewall PRO Fail-Safe Feature Can Be


Bypassed By
Local Users
http://www.securitytracker.com/aler...10480.html


Impact: Host/resource access via network, Modification of


system
information

Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): PRO 5.5 Build 2525

Description: Tan Chew Keong of SIG^2 reported a


vulnerability in
Sygate Personal Firewall PRO. A local user or application


can disable
the firewall's fail-safe feature.

It is reported that the driver implementation (teefer.sys)


contains a
flaw that allows a local application to disable the


fail-safe feature.
Ordinarily, the fail-safe feature will block all traffic


when the
firewall service (smc.exe) is not loaded.

The report indicates that the driver does not authenticate


received
control codes to ensure that they originated from the firewall
application. As a result, a local application can cause


'smc.exe' to
crash and then can communicate directly with the device
(\\device\Teefer) to disable the fail-safe protection.

The vendor was reportedly notified on May 30, 2004.

The original advisory is available at:
http://www.security.org.sg/vuln/spfp.html

Impact: A local user can disable the fail-safe feature.

Solution: No solution was available at the time of this


entry. The
vendor is reportedly working on a fix for an upcoming release.
Vendor URL: soho.sygate.com/products/spf_pro.htm (Links


to External
Site)

Cause: Authentication error, State error

Underlying OS: Windows (Any)


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan


pagar."
"El software libre es para toda la Humanidad."
.

Respuesta Responder a este mensaje
#2 .
14/06/2004 - 21:53 | Informe spam
x-no-archive:yes
Respuesta Responder a este mensaje
#3 Xandro
14/06/2004 - 21:58 | Informe spam
Creo que tiene Vd, que aprender inglés:

A local user or application can disable
the firewall's fail-safe feature.



Tella MIRA es VULNERABLE, que vas a decir ahora


JuuuaaasSSS



Sygate Personal Firewall PRO Fail-Safe Feature Can Be


Bypassed By
Local Users
http://www.securitytracker.com/aler...1010480.ht




ml


Impact: Host/resource access via network, Modification




of
system
information

Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): PRO 5.5 Build 2525

Description: Tan Chew Keong of SIG^2 reported a


vulnerability in
Sygate Personal Firewall PRO. A local user or application


can disable
the firewall's fail-safe feature.

It is reported that the driver implementation




(teefer.sys)
contains a
flaw that allows a local application to disable the


fail-safe feature.
Ordinarily, the fail-safe feature will block all traffic


when the
firewall service (smc.exe) is not loaded.

The report indicates that the driver does not




authenticate
received
control codes to ensure that they originated from the




firewall
application. As a result, a local application can cause


'smc.exe' to
crash and then can communicate directly with the device
(\\device\Teefer) to disable the fail-safe protection.

The vendor was reportedly notified on May 30, 2004.

The original advisory is available at:
http://www.security.org.sg/vuln/spfp.html

Impact: A local user can disable the fail-safe feature.

Solution: No solution was available at the time of this


entry. The
vendor is reportedly working on a fix for an upcoming




release.
Vendor URL: soho.sygate.com/products/spf_pro.htm (Links


to External
Site)

Cause: Authentication error, State error

Underlying OS: Windows (Any)


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan


pagar."
"El software libre es para toda la Humanidad."
.



.

Respuesta Responder a este mensaje
#4 Anonimo
17/06/2004 - 14:03 | Informe spam
gracias me voy a comprar otro firewall cual me recomiendas
para xp o 2000, eset parece que tiene muchos fallos

Sygate Personal Firewall PRO Fail-Safe Feature Can Be


Bypassed By
Local Users
http://www.securitytracker.com/aler...010480.htm


l


Impact: Host/resource access via network, Modification


of system
information

Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): PRO 5.5 Build 2525

Description: Tan Chew Keong of SIG^2 reported a


vulnerability in
Sygate Personal Firewall PRO. A local user or application


can disable
the firewall's fail-safe feature.

It is reported that the driver implementation


(teefer.sys) contains a
flaw that allows a local application to disable the fail-


safe feature.
Ordinarily, the fail-safe feature will block all traffic


when the
firewall service (smc.exe) is not loaded.

The report indicates that the driver does not


authenticate received
control codes to ensure that they originated from the


firewall
application. As a result, a local application can


cause 'smc.exe' to
crash and then can communicate directly with the device
(\\device\Teefer) to disable the fail-safe protection.

The vendor was reportedly notified on May 30, 2004.

The original advisory is available at:
http://www.security.org.sg/vuln/spfp.html

Impact: A local user can disable the fail-safe feature.

Solution: No solution was available at the time of this


entry. The
vendor is reportedly working on a fix for an upcoming


release.
Vendor URL: soho.sygate.com/products/spf_pro.htm (Links


to External
Site)

Cause: Authentication error, State error

Underlying OS: Windows (Any)


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan


pagar."
"El software libre es para toda la Humanidad."
.

Respuesta Responder a este mensaje
#5 Ille Corvus
17/06/2004 - 22:33 | Informe spam
El Thu, 17 Jun 2004 05:03:49 -0700,
escribio:

gracias me voy a comprar otro firewall cual me recomiendas
para xp o 2000, eset parece que tiene muchos fallos



Todo el software tiene fallos :-)

Como recomendacion tienes:

Agnitum Outpost (www.agnitum.com)
Existe una version gratuita que te protegera bien, pero te recomiendo
la Pro 2.x --de pago-- en Español entre otros idiomas.

Kerio (www.kerio.com)
Gratuito para usuarios particulares, no empresas.
En ingles pero necesitas de conocimientos del protocolo TCP/IP.

Zone Alarm (www.zonealarm.com)
Hay una nueva version 5.x --no la he probado--, la version 4.5 Pro
consumia demasiados recursos.
Tambien existe una version gratuita.

Yo me quedaria con Agnitum o Kerio.

Salu2.


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


«Primero te ignoran, después se ríen de tí, para después luchar contra tí. En ese momento, has ganado. (Ghandi)»
email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida