[Vulnerable] Sygate Personal Firewall PRO

14/06/2004 - 17:03 por Ille Corvus | Informe spam
Sygate Personal Firewall PRO Fail-Safe Feature Can Be Bypassed By
Local Users
http://www.securitytracker.com/aler...10480.html


Impact: Host/resource access via network, Modification of system
information

Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): PRO 5.5 Build 2525

Description: Tan Chew Keong of SIG^2 reported a vulnerability in
Sygate Personal Firewall PRO. A local user or application can disable
the firewall's fail-safe feature.

It is reported that the driver implementation (teefer.sys) contains a
flaw that allows a local application to disable the fail-safe feature.
Ordinarily, the fail-safe feature will block all traffic when the
firewall service (smc.exe) is not loaded.

The report indicates that the driver does not authenticate received
control codes to ensure that they originated from the firewall
application. As a result, a local application can cause 'smc.exe' to
crash and then can communicate directly with the device
(\\device\Teefer) to disable the fail-safe protection.

The vendor was reportedly notified on May 30, 2004.

The original advisory is available at:
http://www.security.org.sg/vuln/spfp.html

Impact: A local user can disable the fail-safe feature.

Solution: No solution was available at the time of this entry. The
vendor is reportedly working on a fix for an upcoming release.
Vendor URL: soho.sygate.com/products/spf_pro.htm (Links to External
Site)

Cause: Authentication error, State error

Underlying OS: Windows (Any)


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."
 

Leer las respuestas

#1 Anonimo
14/06/2004 - 21:48 | Informe spam
Tella MIRA es VULNERABLE, que vas a decir ahora JuuuaaasSSS



Sygate Personal Firewall PRO Fail-Safe Feature Can Be


Bypassed By
Local Users
http://www.securitytracker.com/aler...10480.html


Impact: Host/resource access via network, Modification of


system
information

Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): PRO 5.5 Build 2525

Description: Tan Chew Keong of SIG^2 reported a


vulnerability in
Sygate Personal Firewall PRO. A local user or application


can disable
the firewall's fail-safe feature.

It is reported that the driver implementation (teefer.sys)


contains a
flaw that allows a local application to disable the


fail-safe feature.
Ordinarily, the fail-safe feature will block all traffic


when the
firewall service (smc.exe) is not loaded.

The report indicates that the driver does not authenticate


received
control codes to ensure that they originated from the firewall
application. As a result, a local application can cause


'smc.exe' to
crash and then can communicate directly with the device
(\\device\Teefer) to disable the fail-safe protection.

The vendor was reportedly notified on May 30, 2004.

The original advisory is available at:
http://www.security.org.sg/vuln/spfp.html

Impact: A local user can disable the fail-safe feature.

Solution: No solution was available at the time of this


entry. The
vendor is reportedly working on a fix for an upcoming release.
Vendor URL: soho.sygate.com/products/spf_pro.htm (Links


to External
Site)

Cause: Authentication error, State error

Underlying OS: Windows (Any)


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan


pagar."
"El software libre es para toda la Humanidad."
.

Preguntas similares