Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Securit

from [Mike Sues] Network Security [Permanent Link]
Subject: Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products
Date: Wed, 22 Sep 2004 14:50:12 -0400 

               Rigel Kent Security & Advisory Services Inc
                       http://www.rigelksecurity.com

                       Advisory # RK-001-04

                            Mike Sues
                       September 22, 2004


"Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security
Products"


  Platform      :       Symantec Enterprise Firewall/VPN Appliances
                        100, 200, 200R
                        Symantec Gateway Security 320
                        Symantec Gateway Security 320, 360, 360R
                        
  Version       :     100, 200, 200R
                                Prior to firmware build 1.63
                        320, 360, 360R
                                Prior to build 622

  Configuration :       Default
        

Abstract:
========

  Three high-risk vulnerabilities have been identified in the Symantec
  Enterprise Firewall products and two in the Gateway products. All are
  remotely exploitable and allow an attacker to perform a denial of service
  attack against the firewall, identify active services in the WAN interface
  and exploit one of these services to collect and alter the firewall or
  gateway's configuration.


Vulnerabilities:
===============


  Issue RK-001-04-01:
        Denial of service caused by a fast UDP port scan
    Severity:
        High
    Description:
        A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN
        interface of the firewall will cause the firewall to lock up and
stop
        responding. Turning the power off and on will reset the firewall.

        The Gateway Security products are not affected by this issue.
    Countermeasure:
        Install firmware build 1.63



  Issue RK-001-04-02:
        Filter bypass on WAN interface
    Severity:
        High
    Description:
        A UDP port scan against the WAN interface of the firewall from a
source
        port of UDP 53 bypasses filter on WAN interface and exposes the
following
        active services,

                tftpd
                snmpd
                isakmp

        All other ports are reported as closed. 
    Countermeasure:
        100, 200, 200R
                Install firmware build 1.63
        320, 360, 360R
                Install firmware build 622



  Issue RK-001-04-03:
        Default read/write community string on SNMP service
    Severity:
        High
    Description:
        The default read/write community string used by the firewall is
public,
        allowing an attacker to collect and alter the firewall's
configuration.
        By combining this with RK-001-04-02, an attacker is able to exploit
this
        against the WAN interface by sending SNMP GET/SET requests whose
source
        port is UDP 53.

        Moreover, the administrative interface for the firewall does not
allow the
        operator to disable the service nor change the community strings. 
    Countermeasure:
        100, 200, 200R
                Install firmware build 1.63
        320, 360, 360R
                Install firmware build 622


Credits:
=======

  Rigel Kent Security & Advisory Services would like to thank Symantec for
  their prompt response and action.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products, Mike Sues <=
Previous by Date:  compare PIX with FWSM Cisco product, tran quoc khanh
Next by Date:  RE: BAD-TRAFFIC loopback traffic, David Gillett
Previous by Thread:  compare PIX with FWSM Cisco product, tran quoc khanh
Next by Thread:  PIX failover without using HSRP, steve ruben
Indexes:  [Date] [Thread] [Top] [All Lists]