
Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products



 Rigel Kent Security & Advisory Services Inc
 http://www.rigelksecurity.com
 Advisory # RK-001-04
 Mike Sues
 September 22, 2004
"Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products"
 Platform : Symantec Enterprise Firewall/VPN Appliances
 100, 200, 200R
 Symantec Gateway Security 320
 Symantec Gateway Security 320, 360, 360R
 
 Version : 100, 200, 200R
 Prior to firmware build 1.63
 320, 360, 360R
 Prior to build 622
 Configuration : Default
 
Abstract:
========
 Three high-risk vulnerabilities have been identified in the Symantec
 Enterprise Firewall products and two in the Gateway products. All are
 remotely exploitable and allow an attacker to perform a denial of service
 attack against the firewall, identify active services on the WAN interface
 and exploit one of these services to collect and alter the firewall or
 gateway's configuration.
Vulnerabilities:
===============
 Issue RK-001-04-01:
 Denial of service caused by a fast UDP port scan
 Severity:
 High
 Description:
 A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN
 interface of the firewall will cause the firewall to lock up and stop
 responding. Turning the power off and on will reset the firewall.
 The Gateway Security products are not affected by this issue.
 Countermeasure:
 Install firmware build 1.63
 Issue RK-001-04-02:
 Filter bypass on WAN interface
 Severity:
 High
 Description:
 A UDP port scan against the WAN interface of the firewall from a source
 port of UDP 53 bypasses the filter on the WAN interface and exposes the
 following active services:
 tftpd
 snmpd
 isakmp
 All other ports are reported as closed. 
 Countermeasure:
 100, 200, 200R
 Install firmware build 1.63
 320, 360, 360R
 Install firmware build 622
 Issue RK-001-04-03:
 Default read/write community string on SNMP service
 Severity:
 High
 Description:
 The default read/write community string used by the firewall is public,
 allowing an attacker to collect and alter the firewall's configuration.
 By combining this with RK-001-04-02, an attacker is able to exploit this
 against the WAN interface by sending SNMP GET/SET requests whose source
 port is UDP 53.
 Moreover, the administrative interface for the firewall does not allow the
 operator to disable the service nor change the community strings.
 Countermeasure:
 100, 200, 200R
 Install firmware build 1.63
 320, 360, 360R
 Install firmware build 622
Credits:
=======
 Rigel Kent Security & Advisory Services would like to thank Symantec for
 their prompt response and action.
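
Detection sketch for RK-001-04-02 and RK-001-04-03, added here as an example and not part of the original advisory: it flags inbound UDP packets with source port 53 that do not answer a recent outbound DNS query. The flow-record format, the 5-second reply window and the use of the standard ports 69, 161 and 500 for tftpd, snmpd and isakmp are assumptions.

```python
from collections import namedtuple

# Services the advisory lists as exposed by a source-port-53 probe, mapped to
# their standard UDP ports (assumption: the appliance uses the defaults).
EXPOSED_SERVICES = {69: "tftpd", 161: "snmpd", 500: "isakmp"}
DNS_PORT = 53
QUERY_WINDOW = 5.0  # assumed maximum seconds between a DNS query and its reply

Flow = namedtuple("Flow", "ts direction src sport dst dport")

def parse(line):
    """Parse one constructed record: 'ts direction src:sport dst:dport'."""
    ts, direction, src, dst = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Flow(float(ts), direction, s_ip, int(s_port), d_ip, int(d_port))

def find_unsolicited_port53(lines):
    """Return (src, dport, service) for inbound UDP flows that use source
    port 53 but match no recent outbound DNS query from that local endpoint."""
    pending = {}  # (local_ip, local_port, resolver_ip) -> time of last query
    alerts = []
    for flow in map(parse, lines):
        if flow.direction == "out" and flow.dport == DNS_PORT:
            pending[(flow.src, flow.sport, flow.dst)] = flow.ts
        elif flow.direction == "in" and flow.sport == DNS_PORT:
            asked = pending.get((flow.dst, flow.dport, flow.src))
            solicited = asked is not None and 0 <= flow.ts - asked <= QUERY_WINDOW
            if not solicited:
                service = EXPOSED_SERVICES.get(flow.dport, "other")
                alerts.append((flow.src, flow.dport, service))
    return alerts

# Constructed sample records using documentation address ranges (RFC 5737).
SAMPLE = [
    "100.0 out 192.0.2.1:40001 198.51.100.53:53",
    "100.1 in 198.51.100.53:53 192.0.2.1:40001",  # genuine DNS reply
    "200.0 in 203.0.113.9:53 192.0.2.1:161",      # unsolicited, reaches snmpd
    "200.1 in 203.0.113.9:53 192.0.2.1:69",       # unsolicited, reaches tftpd
    "200.2 in 203.0.113.9:53 192.0.2.1:500",      # unsolicited, reaches isakmp
    "300.0 in 198.51.100.53:53 192.0.2.1:40001",  # stale: query was 200 s ago
]

if __name__ == "__main__":
    for src, dport, service in find_unsolicited_port53(SAMPLE):
        print(f"unsolicited src-port-53 packet from {src} to udp/{dport} ({service})")
```

Alerts naming snmpd are the ones to check first on unpatched units, since the advisory states the read/write community string cannot be changed there.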
