Privacyware Privatefirewall Does Not Filter Certain Remote TCP Scans
SecurityTracker Alert ID: 1006839|
SecurityTracker URL: http://securitytracker.com/id/1006839
(Links to External Site)
Updated: Jan 21 2004|
Original Entry Date: May 24 2003
Host/resource access via network|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes |
Version(s): 3.0; prior to approximately October 23, 2003|
A vulnerability was reported in Privacyware's Privatefirewall. The firewall does not properly detect or block certain TCP scans.|
UkR Security Team reported that when the firewall is configured to "Filter Internet Traffic" (which is reportedly the recommended setting) or to "Deny Internet Traffic", the firewall does not detect or block TCP FIN scans or Xmas tree scans.
[Editor's note: An Xmas tree scan is one that sets at least the TCP FIN, URG, and PSH flags, which is not normal according to the RFC. If the target port is closed, the target server will typically return a TCP RST packet. If the target port is open, the target server will typically not respond at all.]
A remote user can conduct a TCP FIN scan or Xmas tree scan against an ostensibly protected host without being detected or blocked. This allows the remote user to determine which ports are open and which are closed.|
The vendor added a fix to version 3.0. The fix was added to the builds on approximately October 23, 2003.|
Vendor URL: www.privacyware.com/index_PF.html (Links to External Site)
Access control error, State error|
Source Message Contents
Subject: Some problems in Privatefirewall 3.0|
UkR security team presents:
Some problems in Privatefirewall 3.0
Vendor : Privacyware (http://www.privacyware.com)
Author : UkR-XblP (firstname.lastname@example.org) - the chief specialist
of UkR security team (http://ust.icqinfo.ru)
Intrusion Detection Application that eliminates
unauthorized access to your PC, at home, the office, or on
the road. It provides users with full system protection
"out-of-the-box", and allows extensive customization for
advanced users. It continually monitors sensitive areas of
a PC where intrusion can occur and reports on their status
so users can make informed decisions about these areas and
make changes as necessary. A report is generated as a HTML
file which the user has the option of viewing.
Privatefirewall monitors incoming and outgoing Internet
traffic. This consists of blocks of information called
"packets", which can be passed between any 2 computers on
the Internet or local network. The amount and type of
packets allowed to and from the user's PC is based on what
level of monitoring the user chooses. The user can Allow,
Filter, or Deny Internet traffic.
allows the user to access the Internet while maintaining
maximum protection from incoming intrusion attempts, but
Privatefirewall cannot detect FIN scan and Xmas tree scan.
Hence the task to not allow scanning ports or even to
detect it remains outstanding.
outgoing Internet traffic. - Yes, the given setting blocks
all connections, but attacking not looking at it all the
same can FIN scan or Xmas tree scan. Though ALL
connections should be blocked...
Professional hosting for everyone - http://www.host.ru