Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Firewall)  >   Tiny Personal Firewall Vendors:   Tiny Software
Tiny Personal Firewall Default Configuration Allows Remote Users to Crash the Protected Host's Operating System and May Also Allow Some Spoofed Packets to Pass Through the Firewall
SecurityTracker Alert ID:  1005094
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 21 2002
Impact:   Denial of service via network, Host/resource access via network
Exploit Included:  Yes  
Version(s): 3.0
Description:   A denial of service vulnerability was reported in the Tiny Personal Firewall. A remote user can cause the underlying operating system to crash. Also, certain spoofed packets may be able to bypass the firewall's filtering mechanism.

NSSI-Research Labs issued an advisory warning of two vulnerabilities in the Tiny Personal Firewall.

One vulnerability is in the Personal Firewall Agent module's activity logger tab. A remote user can cause the firewall and the operating system to crash by sending multiple TCP SYN, TCP Connect, UDP, and ICMP packets to all ports when a user is viewing the log.

It is also reported that a remote user can send packets with a spoofed source address set to the firewall's own IP address to cause some of the packets to pass through the firewall's access control mechanism even when the firewall is configured for 'HIGH' security.

The vendor has reportedly been notified.

Impact:   A remote user can cause the firewall's host operating system to crash. A remote user may be able to get spoofed packets to pass through the firewall's filtering mechanism.
Solution:   No solution was available at the time of this entry.

As a workaround to the denial of service vulnerability, the author of the report has indicated that you can change the permission for the rules under System Applications on Inbound ICMP(LAN1) to ask user.

Vendor URL: (Links to External Site)
Cause:   Access control error, Exception handling error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Tested on Windows NT and Windows 2000

Message History:   None.

 Source Message Contents

Subject:  NSSI-2002-tpfw: Tiny Personal Firewall 3.0 Denial of Service

NSSI-Research Labs Security Advisory (Ph)

"Maximum e-security"

Tiny Personal Firewall 3.0 Denial of Service Vulnerabilities

Author: Aaron Tan Lu / b45h3r

e-Mail: /

Advisory Code: NSSI-2002-tpfw

Tested under Win2k Advance Server / WinNT 4.0

Vendor Status:  No Response for 1 1/2 weeks after the notice. They just informed us that they already gave notice to their Development

Vendors website:

Severity: High



     Tiny Personal Firewall 3.0 is ideal for standalone computers or for trusted experienced users in corporate environment. It protects
 personal computers against network attacks, worms, trojans and viruses and manages the access of computer processes (programs) to
 computer resources (memory, files, devices). This was said on their web-site as it goes.  

Tiny Personal Firewall 3.0 for windows platform contains  Denial of Service vulnerabilities in its Personal Firewall Agent module
 specifically the activity logger tab. These vulnerabilities could allow an attacker to crash the operating system consuming 100%
 of your CPU resources. 


1] DoS vulnerability with Tiny Personal Firewall 3.0 Default Installation

    - By simply portscanning the host with Tiny Personal Firewall 3.0 default install by sending multiple SYN, UDP,  ICMP and TCP
 full Connect  through all its ports and as the user browses its Personal Firewall Agent module firewall Log tab.  The user can cause
 a crash to its own operating system by just clicking or viewing the Activity tab of the said module. 

Note: With WinNT 4.0 with Sp6a workaround is not possible.

2] IP spoofing and DoS vulnerability

    - It is quite similar to the first one but this vulnerability comes in with the fully configured Tiny Personal Firewall 3.0 and
 Setting up the personal firewall to HIGH Security. The Personal firewall is having problem blocking packets with Spoof source address
 <firewall's own IP address>.


1] Simply change the permission for the rules under System Applications on Inbound ICMP(LAN1) to ask user. 

2] This vulnerability has no work around. Even if you block all the IP addresses, protocols and ports, the Firewall will fail to handle
 the attack.


Any Questions? Suggestions? or Comments? let us know

e-mail: / /

Sign-up for your own FREE Personalized E-mail at


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC