Sygate Personal Firewall Allows Remote Users to Traverse the Firewall in Certain Cases
SecurityTracker Alert ID: 1005970
SecurityTracker URL: http://securitytracker.com/id/1005970
CVE Reference:
GENERIC-MAP-NOMATCH
Date: Jan 23 2003
Impact:
Host/resource access via network
Exploit Included: Yes
Version(s): 5.0
Description:
An access control vulnerability was reported in the Sygate Personal Firewall Pro edition. A remote user can send packets through the firewall to certain ports.
It is reported that the default configuration of the firewall permits UDP packets to access open destination ports on the firewall-protected host if the packet source port is port 137 or 138.
A demonstration exploit nmap scan command is provided:
nmap -vv -P0 -sU 192.168.0.1 -g 137
The vendor has reportedly been notified.
Impact:
A remote user can access open UDP ports on the firewall.
Solution:
No solution was available at the time of this entry.
The author of the report has indicated that, as a workaround, you can configure a rule to block all incoming UDP packets that have a source port of 137 or 138.
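The behaviour the description and the workaround above describe, as an added example (my code, not Sygate's, and a hypothetical first-match rule model rather than Sygate's actual rule engine): a packet is allowed solely because its UDP source port is 137 or 138, an explicit block rule placed ahead of that allow restores the default-deny behaviour, and a small detection routine flags the traffic shape involved in constructed log lines. The log format, the `NARROW_MODEL` variant, and the source address 10.0.0.5 are my assumptions; only the port numbers and the 192.168.0.1 target come from the advisory.

```python
"""Model of the UDP source-port allow described in the advisory.

Added example, not Sygate's code. The rule sets below are a hypothetical
model of the reported behaviour, not Sygate's real rule engine.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

NETBIOS_PORTS = frozenset({137, 138})


@dataclass(frozen=True)
class Packet:
    proto: str          # "udp" or "tcp"
    src_port: int
    dst_port: int
    inbound: bool = True


@dataclass(frozen=True)
class Rule:
    action: str                                 # "allow" or "block"
    proto: Optional[str] = None                 # None matches any protocol
    src_ports: Optional[FrozenSet[int]] = None  # None matches any source port
    dst_ports: Optional[FrozenSet[int]] = None  # None matches any destination port
    inbound: Optional[bool] = None              # None matches either direction

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.src_ports is not None and pkt.src_port not in self.src_ports:
            return False
        if self.dst_ports is not None and pkt.dst_port not in self.dst_ports:
            return False
        if self.inbound is not None and pkt.inbound != self.inbound:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, default: str = "block") -> str:
    """First matching rule wins; packets matching no rule get the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Hypothetical model of the reported default policy: inbound UDP is allowed
# only because its source port is 137 or 138, whatever the destination port.
DEFAULT_MODEL = [
    Rule("allow", proto="udp", src_ports=NETBIOS_PORTS, inbound=True),
]

# The advisory's workaround: an explicit block rule evaluated before the allow.
WORKAROUND_MODEL = [
    Rule("block", proto="udp", src_ports=NETBIOS_PORTS, inbound=True),
] + DEFAULT_MODEL

# Narrower variant (my assumption, not from the advisory): keep NetBIOS
# traffic between peers on 137/138 but drop 137/138 -> any-other-port packets.
NARROW_MODEL = [
    Rule("allow", proto="udp", src_ports=NETBIOS_PORTS,
         dst_ports=NETBIOS_PORTS, inbound=True),
    Rule("block", proto="udp", src_ports=NETBIOS_PORTS, inbound=True),
]

# Constructed log format (assumption, not Sygate's own log layout):
# "<date> <time> <UDP|TCP> <in|out> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<proto>UDP|TCP) (?P<dir>in|out) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log_line(line: str) -> Optional[Packet]:
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Packet(m["proto"].lower(), int(m["sport"]), int(m["dport"]),
                  m["dir"] == "in")


def is_source_port_bypass(pkt: Packet) -> bool:
    """Inbound UDP from a NetBIOS source port aimed at a non-NetBIOS
    destination port: the traffic shape the advisory's scan produces."""
    return (pkt.inbound and pkt.proto == "udp"
            and pkt.src_port in NETBIOS_PORTS
            and pkt.dst_port not in NETBIOS_PORTS)


def flag_suspicious(lines: List[str]) -> List[str]:
    """Return the constructed log lines that match the bypass shape."""
    flagged = []
    for line in lines:
        pkt = parse_log_line(line)
        if pkt is not None and is_source_port_bypass(pkt):
            flagged.append(line.strip())
    return flagged


SAMPLE_LOG = [  # constructed sample lines, not real captures
    "2003-01-22 20:35:50 UDP in 10.0.0.5:137 -> 192.168.0.1:53",
    "2003-01-22 20:35:51 UDP in 10.0.0.5:137 -> 192.168.0.1:137",
    "2003-01-22 20:35:52 UDP in 10.0.0.5:40123 -> 192.168.0.1:53",
    "2003-01-22 20:35:53 TCP in 10.0.0.5:137 -> 192.168.0.1:80",
    "2003-01-22 20:35:54 UDP in 10.0.0.5:138 -> 192.168.0.1:161",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        pkt = parse_log_line(line)
        print(line, "| default:", evaluate(DEFAULT_MODEL, pkt),
              "| workaround:", evaluate(WORKAROUND_MODEL, pkt),
              "| narrow:", evaluate(NARROW_MODEL, pkt))
    print("flagged:", flag_suspicious(SAMPLE_LOG))
```

The blanket workaround rule from the advisory also drops inbound UDP from ports 137/138 to ports 137/138, which is what NetBIOS name-service and datagram traffic between LAN peers looks like; `NARROW_MODEL` shows the narrower alternative, and which one is acceptable depends on whether the host needs NetBIOS from its neighbours at all.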
Vendor URL: soho.sygate.com/products/pspf_ov.htm
Cause:
Access control error, Configuration error
Underlying OS:
Windows (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Wed, 22 Jan 2003 20:35:50 +0100
Subject: Access to open udp ports with Sygate Pro 5.0
Issue: Full access to open UDP ports with Sygate Pro 5.0
Vendor status: vendor was contacted but got no response from them
Description:
Sygate Pro is a personal firewall that is very easy to configure. No rules
are installed in a default configuration. A default installation pretends
to be enough to block all accesses to your ports.
By default, traffic from UDP source port 137 or 138 is allowed by
the firewall, so to bypass it you just have to set your source port
to 137 or 138. Doing this, all packets addressed to an open UDP port
will be forwarded by the firewall.
Attack:
nmap -vv -P0 -sU 192.168.0.1 -g 137
Recommendation:
Set a rule to block all incoming UDP traffic with source
port 137 and 138.
Regards,
David Fernandez Madrid,
Madrid, Spain