[NT] Tiny Personal Firewall 3.0 Denial of Service Vulnerabilities

From: support@securiteam.com
Date: 08/21/02


From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 21 Aug 2002 11:09:27 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Tiny Personal Firewall 3.0 Denial of Service Vulnerabilities
------------------------------------------------------------------------

SUMMARY

Tiny Personal Firewall 3.0 is ideal for standalone computers or for
trusted experienced users in corporate environment. It protects personal
computers against network attacks, worms, Trojans and viruses and manages
the access of computer processes (programs) to computer resources (memory,
files, devices).

Tiny Personal Firewall 3.0 for Windows platform contains Denial of Service
vulnerabilities in its Personal Firewall Agent module specifically the
activity logger tab. These vulnerabilities could allow an attacker to
crash the operating system consuming 100% of your CPU resources.

DETAILS

Vulnerable systems:
 * Tiny Personal Firewall version 3.0

1] DoS vulnerability with Tiny Personal Firewall 3.0 Default Installation
By simply port scanning the host with Tiny Personal Firewall 3.0 default
install by sending multiple SYN, UDP, ICMP and TCP full Connect through
all its ports and as the user browses its Personal Firewall Agent module
firewall Log tab. The user can cause a crash to its own operating system
by just clicking or viewing the Activity tab of the said module.

Note: With WinNT 4.0 with SP6a workaround is not possible.

2] IP spoofing and DoS vulnerability
It is quite similar to the first one but this vulnerability comes in with
the fully configured Tiny Personal Firewall 3.0 and Setting up the
personal firewall to HIGH Security. The Personal firewall is having
problem-blocking packets with Spoof source address .

Workaround:
1] Simply change the permission for the rules under System Applications on
Inbound ICMP (LAN1) to ask user.

2] This vulnerability has no work around. Even if you block all the IP
addresses, protocols and ports, the Firewall will fail to handle the
attack.

ADDITIONAL INFORMATION

The information has been provided by <mailto:aaron@nssolution.com> Aaron
Tan Lu and <mailto:b45h3r@techie.com> b45h3r.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • Re: Still need to patch?
    ... > We have personal firewall on all laptops and the laptops run Automatic ... > I do get the point though, too much security is never a bad thing. ... This server is most likely accessible from ...
    (comp.security.firewalls)
  • [NT] Kerio Personal Firewall Denial of Service Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Kerio Personal Firewall 2.x.x for the Windows platform contains a Denial ... This vulnerability allows an attacker to cause ... the host to hang-up and to cause its CPU utilization to jump to 100%. ...
    (Securiteam)
  • Re: System Restore Keeping Only One Restore Point
    ... impression of improving your security without doing anything that actually ... Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall ... we have some reservations about personal firewall "leak testing" ... to measure the outbound protection provided by personal firewalls in cases ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Zone Alarm
    ... >keep me informed on security issues. ... >> Personal firewall software is generally a good, ... >> making your computer secure enough and/or more secure ... >basically, if your just a home user zone alarm is ideal, ...
    (microsoft.public.security)
  • Re: Zone Alarm
    ... Security is ever changing. ... > for users of all skill levels to secure their computers. ... > a few known vulnerabilities to personal firewall software. ... There are so many un-secure computers out there, most hackers ...
    (microsoft.public.security)