[NT] Snapgear Lite+ Firewall Denial of Service
From: support@securiteam.comDate: 05/03/02
- Previous message: support@securiteam.com: "[EXPL] Bruteforcing support for PPPD (Patch)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Fri, 3 May 2002 13:58:47 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Snapgear Lite+ Firewall Denial of Service
------------------------------------------------------------------------
SUMMARY
Several issues with the <http://www.snapgear.com> Snapgear Lite+ Firewall
could allow a malicious user to cause a Denial of Service situation, where
part of or all of the Firewall would cease to function.
DETAILS
Vulnerable systems:
- Snapgear Lite+ V1.5.3 (all issues)
- Snapgear Lite+ V1.5.4 (some issues)
Immune systems:
- Snapgear Lite+ V1.6.0
We found problems with the way the Snapgear Firewall handled malicious
traffic in four general areas:
HTTP
If external web management had been enabled, creating 50 connections to
the web port and cycling through them would result in the firewall
crashing. In V1.5.4, this would only result in web management crashing.
PPTP
If PPTP had been enabled, creating 50 connections to the PPTP port and
cycling through them would result in the firewall crashing.
IPSEC
Sending a 0-length UDP packet to UDP port 500 would result in IPSEC
exiting. This would result in IPSEC no longer working. This issue was
resolved in v1.5.4.
IP-OPTIONS
Sending a stream of approx. 7000 packets with malformed IP options through
the firewall would result in the firewall crashing. This stream could be
sent from the internal network or externally.
Vendor response:
The vendor was contacted about the first issue on 14 February 2002 and
subsequently on 7 March 2002 about the remaining issues. On 10 April 2002,
we received a beta version of v1.6.0, which corrected the issues. On 2 May
2002, we received notification that V1.6.0 had been released.
Corrective action:
Install firmware version 1.6.0, which is available here:
<http://www.snapgear.com/downloads.html>
http://www.snapgear.com/downloads.html
ADDITIONAL INFORMATION
The information has been provided by <mailto:pgrundl@kpmg.dk> Peter
Gründl.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[EXPL] Bruteforcing support for PPPD (Patch)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
