SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Sophos UTM (Astaro Security Gateway) Vendors:   Astaro
Astaro Security Gateway Lets Remote Users Deny Service and Potentially Bypass Security Scanning
SecurityTracker Alert ID:  1018543
SecurityTracker URL:  http://securitytracker.com/id/1018543
CVE Reference:   CVE-2007-4242, CVE-2007-4243   (Links to External Site)
Date:  Aug 9 2007
Impact:   Denial of service via network, Host/resource access via network
Exploit Included:  Yes  
Version(s): 7.x
Description:   A vulnerability was reported in Astaro Security Gateway. A remote user can cause denial of service conditions. A remote user may be able to bypass security scanning in certain cases.

A remote user can cause excessive CPU consumption on the target device.

A remote user can send a specially crafted attachment that is larger than the attachment size limit, the POP3 proxy may allow the attachment to pass without being scanned.

William Warren reported this vulnerability.

The original advisory is available at:

http://www.hescominsoon.com/archives/773

Impact:   A remote user can cause denial of service conditions.

A remote user may be able to bypass security scanning.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.astaro.com/ (Links to External Site)
Cause:   Access control error, Exception handling error

Message History:   None.


 Source Message Contents

Subject:  DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE

I have details about the DOS issue on my blog with links to the Astaro 
forums.

http://www.hescominsoon.com/archives/773

Version affected:
ALL Version 7 systems.

This is easily reproducible.  Just setup a BT client behind the astaro 
and do not setup a packetfilter and NAT rule for the BT traffic.  This 
way all the incoming return traffic is blocked.  Go download something 
like the Centos DVD torrent.  Some machine(like mine) are easy to bring 
down.  Others take a time longer.  The pfilter-repoter.pl file will peg 
the cpu for an exorbitant amount of time.  Before 7.006 it would take 
the machine offline.  7.006 partially mitigates in my testing but not fully.


For the pop3 Proxy if you set an attachment size limit, any attachments 
over that size are NOT scanned and allowed to pass through instead of 
being quarantined.

These are not critical events but are issues nonetheless.



-- 
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.

-- carpe ductum -- "Grab the tape"
CDTT (Certified Duct Tape Technician)

Linux user #322099
Machines:
206822
256638
276825
http://counter.li.org/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC