SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Firewall)  >   Privatefirewall Vendors:   PWI, Inc.
Privacyware Privatefirewall Does Not Filter Certain Remote TCP Scans
SecurityTracker Alert ID:  1006839
SecurityTracker URL:  http://securitytracker.com/id/1006839
CVE Reference:   CVE-2003-0393   (Links to External Site)
Updated:  Jan 21 2004
Original Entry Date:  May 24 2003
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.0; prior to approximately October 23, 2003
Description:   A vulnerability was reported in Privacyware's Privatefirewall. The firewall does not properly detect or block certain TCP scans.

UkR Security Team reported that when the firewall is configured to "Filter Internet Traffic" (which is reportedly the recommended setting) or to "Deny Internet Traffic", the firewall does not detect or block TCP FIN scans or Xmas tree scans.

[Editor's note: An Xmas tree scan is one that sets at least the TCP FIN, URG, and PSH flags, which is not normal according to the RFC. If the target port is closed, the target server will typically return a TCP RST packet. If the target port is open, the target server will typically not respond at all.]

Impact:   A remote user can conduct a TCP FIN scan or Xmas tree scan against an ostensibly protected host without being detected or blocked. This allows the remote user to determine which ports are open and which are closed.
Solution:   The vendor added a fix to version 3.0. The fix was added to the builds on approximately October 23, 2003.
Vendor URL:  www.privacyware.com/index_PF.html (Links to External Site)
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents

Subject:  Some problems in Privatefirewall 3.0


UkR security team presents:
Some problems in Privatefirewall 3.0
///////////////////////////////////////////////////////////////////////////////////////////
Product: Privatefirewall
version: 3.0
Vendor : Privacyware (http://www.privacyware.com)
Author : UkR-XblP (cuctema@ok.ru) - the chief specialist 
of UkR security team (http://ust.icqinfo.ru)
///////////////////////////////////////////////////////////////////////////////////////////
About Privatefirewall:
Intrusion Detection Application that eliminates 
unauthorized access to your PC, at home, the office, or on 
the road. It provides users with full system protection 
"out-of-the-box", and allows extensive customization for 
advanced users. It continually monitors sensitive areas of 
a PC where intrusion can occur and reports on their status 
so users can make informed decisions about these areas and 
make changes as necessary. A report is generated as a HTML 
file which the user has the option of viewing.
///////////////////////////////////////////////////////////////////////////////////////////
Overview:
Privatefirewall monitors incoming and outgoing Internet 
traffic.  This consists of blocks of information called 
"packets", which can be passed between any 2 computers on 
the Internet or local network.  The amount and type of 
packets allowed to and from the user's PC is based on what 
level of monitoring the user chooses.  The user can Allow, 
Filter, or Deny Internet traffic.  
allows the user to access the Internet while maintaining 
maximum protection from incoming intrusion attempts, but 
Privatefirewall cannot detect FIN scan and Xmas tree scan. 
Hence the task to not allow scanning ports or even to 
detect it remains outstanding.
outgoing Internet traffic. - Yes, the given setting blocks 
all connections, but attacking not looking at it all the 
same can FIN scan or Xmas tree scan. Though ALL 
connections should be blocked...
///////////////////////////////////////////////////////////////////////////////////////////
---
Professional hosting for everyone - http://www.host.ru

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC