[NEWS] Symantec Enterprise Firewall Secure Webserver Information Leak
From: support@securiteam.com Date: 10/15/02
From: support@securiteam.com To: list@securiteam.com Date: 15 Oct 2002 03:43:04 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Symantec Enterprise Firewall Secure Webserver Information Leak
------------------------------------------------------------------------
SUMMARY
There exists a problem in "Simple, secure webserver 1.1" that is shipped
with Raptor Firewall 6.5 (among others), which lets an attacker map out
the entire topology of a client from the outside.
DETAILS
Versions affected:
* Raptor Firewall 6.5 (Windows NT)
* Raptor Firewall V6.5.3 (Solaris)
* Symantec Enterprise Firewall 6.5.2 (Windows 2000 and NT)
There exists a problem in "Simple, secure webserver 1.1" that is shipped
with Raptor Firewall 6.5 (among others), in which an attacker can connect
to the proxy server from the outside and issue a CONNECT to IP addresses
on the inside interface, and thereby determine whether hosts are present
by inspecting the error message. This problem lets an attacker map
out the entire topology of a client from the outside.
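One way a defender could look for this probing pattern in proxy logs, as an added example that is not part of the original advisory. The log format, the sample lines, the function names and the assumption that the inside interface uses RFC 1918 addresses are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical "src METHOD target status" format.
SAMPLE_LOG = """\
203.0.113.7 CONNECT 10.1.1.1:80 503
203.0.113.7 CONNECT 10.1.1.2:80 502
203.0.113.7 CONNECT 10.1.1.3:80 503
203.0.113.7 CONNECT 10.1.1.4:80 502
192.168.5.20 CONNECT 198.51.100.9:443 200
198.51.100.44 GET /index.html 200
198.51.100.44 CONNECT 10.1.1.9:443 502
garbage line that does not parse
"""

# Assumption: the protected (inside) networks use RFC 1918 address space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Only CONNECT requests whose target is a literal IPv4 address are of interest.
LINE_RE = re.compile(r"^(\S+) CONNECT (\d{1,3}(?:\.\d{1,3}){3}):\d+ \d{3}$")


def is_internal(addr):
    """True if addr is inside one of the assumed internal networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in INTERNAL_NETS)


def find_inside_probes(log_text, sweep_threshold=3):
    """Map each outside source to the distinct inside addresses it tried to
    CONNECT to, keeping sources that reached sweep_threshold targets."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a CONNECT to an IP literal, or unparseable
        src, dst = m.groups()
        try:
            if is_internal(src) or not is_internal(dst):
                continue  # only outside -> inside requests matter here
        except ValueError:
            continue  # malformed address, e.g. an octet above 255
        targets[src].add(dst)
    return {s: sorted(t, key=ipaddress.ip_address)
            for s, t in targets.items() if len(t) >= sweep_threshold}
```

With `sweep_threshold=1` the function reports every outside source that sent any CONNECT to an inside address, which is the stricter check once the proxy is expected to refuse such requests outright.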
Symantec has addressed this issue as a collateral problem in an earlier
security update for the Symantec Enterprise Firewall. The Symantec
Enterprise Firewall is not vulnerable to this concern if patched fully
up-to-date.
Solutions:
Apply the official patch from Symantec.
Patch:
Download the appropriate patch from: http://www.symantec.com/techsupp
Vendor status:
Symantec was contacted on 27 August 2002. Symantec promptly tested and
confirmed AI-SEC Security's findings. However, Symantec claims that this
issue was fixed in a patch released late summer 2002.
ADDITIONAL INFORMATION
The information has been provided by AI-SEC Security Advisories
<advisories@ai-sec.dk>.
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.