Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Firewall)  >   Symantec Enterprise Firewall (Raptor) Vendors:   Symantec
Symantec Enterprise Firewall (Raptor Firewall) May Disclose Internal IP Address Information to Remote Users
SecurityTracker Alert ID:  1005412
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 15 2002
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 6.5.3 (Solaris), 6.5.2 (NT and 2000), and 6.5 (NT); Simple, Secure Web Server 1.1
Description:   An information disclosure vulnerability was reported in a component of the Symantec Enterprise Firewall (Raptor). A remote user may be able to determine the existence of hosts on the inside network.

It is reported that a secure web server ("Simple, Secure Web Server 1.1") shipped with the firewall may allow a remote user to connect to the proxyserver and issue a CONNECT request for an internal IP address. The remote user can determine if the internal IP host exists based on the error message returned.

Impact:   A remote user can determine if internal hosts exist or not.
Solution:   It is reported that Symantec has released a patch. However, the report did not provide any details about the patch. Contact Symantec for more information.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.

 Source Message Contents

Subject:  Symantec Enterprise Firewall Secure Webserver info leak

Advanced IT-Security Advisory #02-10-2002

Symantec Enterprise Firewall Secure Webserver info leak

There exists a problem in Simple, secure webserver 1.1 which is shipped with Raptor Firewall 6.5 (among others), in which an attacker
 can connect to the proxyserver from the outside, and issue a 
CONNECT to IP-addresses on the inside interface, and thereby determine if there are hosts present or not by inspecting the errormessage.
 This problem lets an attacker map out the entire topology of a 
client from the outside. 

Symantec has addressed this issue as a collateral problem in an earlier security update for the Symantec Enterprise Firewall. The
 Symantec Enterprise Firewall is not vulnerable to this concern if 
patched fully up-to-date.

Versions affected:
Raptor Firewall 6.5 (Windows NT)
Raptor Firewall V6.5.3 (Solaris)
Symantec Enterprise Firewall 6.5.2 (Windows 2000 and NT)

Apply official patch from Symantec


Symantec was contacted 27. August 2002. Symantec promptly tested and confirmed our findings. However, Symantec claims that this issue
 was fixed in a patch released late summer 2002.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC