The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Clavister Firewall Multiple Vulnerabilities (Multiple DoS, Password String
Filtering)
------------------------------------------------------------------------
SUMMARY
"The products in the <http://www.clavister.com/> Clavister Security
Gateway Appliance series are turn-key solutions available in a variety of
models to match variable scenarios. The models range from powerful
carrier-class products to small units for remote office and branch office
solutions."
The lack of IP range sanitation allows attackers to crash the Clavister
Firewall. Further, lack of password strength verification mechanisms allow
users to configure the Firewall to use weak passwords for authentication
purposes.
DETAILS
Vulnerable Systems:
* Clavister Gateway version 8.50 and prior
* EnterNet FireWall version 6.01
Immune Systems:
* Clavister Gateway version 8.50.01
Memory Exhaustion DoS:
An attacker can cause the Firewall to crash by configuring it to accept a
large IP address pool for its L2TP (Layer 2 Tunneling Protocol) or PPTP
(Point-to-Point Tunneling Protocol) support. This is due to the fact that
the IP pool requires very large amounts of RAM, for example when such
ranges as "0.0.0.0/0" or an entire class 'A' network (i.e. 16 million
addresses) is provided to the Firewall.
Lack of Password Strength Verification Mechanisms:
Some special characters are not accepted by the Firewall when they are
assigned to usernames, passwords, PKSs (pre-shared keys) and other
user-specific credentials.
This in turn can cause weak passwords to be used as they user is not made
aware that the special characters were not used in the final password used
for authentication.
Disclosure Timeline:
03-06-2005 - Vulnerability researched
04-06-2005 - Security companies and several CERT units contacted -
Additional detailed information sent to security companies and several
CERT units
ADDITIONAL INFORMATION
The information has been provided by <mailto:juha-matti.laurio@netti.fi>
Juha-Matti Laurio.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
