Re: Bypassing Personal Firewalls

From: Seth Knox (seth.knox@sygate.com)
Date: 02/22/03

    From: Seth Knox <seth.knox@sygate.com>
    To: "'vuln-dev@securityfocus.com'" <vuln-dev@securityfocus.com>
    Date: Fri, 21 Feb 2003 17:46:41 -0800
    
    

                              Sygate Security Response

    Sygate was made aware of an exposure in Sygate Personal Firewall and
    Sygate Security Agent on 2/21/2003 by way of the vuln-dev mailing list in
    a post by xenophi1e (oliver.lavery@sympatico.ca).

    Sygate Security Bulletin ID
    ----------------------------
    SS20030221-0001

    Description
    ------------

    The reporter of the vulnerability described a problem in Sygate Personal
    Firewall Pro, ZoneAlarm Pro 3.5, Zero-Knowledge Freedom Firewall,
    LooknStop 2.04, and Norton Personal Firewall 2003. The reporter of the
    vulnerability described a problem in which an attacker can bypass a personal
    firewall and possibly perform malicious actions.

    Impact of this vulnerability
    -----------------------------

    Only versions prior to build 1175 (available 1/29/2003) of Sygate Personal
    Firewall are impacted by this vulnerability.

    Only versions prior to build 1152 (available 10/22/2002) of Sygate Security
    Agent Maintenance Release 1 are impacted by this vulnerability.

    Sygate Personal Firewall and Sygate Security Agent prevent a program from
    creating a new thread within the address space of Sygate Personal Firewall
    or Sygate Security Agent and therefore prevent a thread from being created
    to execute malicious code.

    Affected software
    -----------------

    * Sygate Personal Firewall Pro 5.0
    * Sygate Personal Firewall 5.0
    * Sygate Security Agent

    Vulnerability resolution
    ------------------------

    Sygate Personal Firewall users running a Build prior to 1175 should download
    the latest version, available at:

    http://soho.sygate.com/free/default.php

    Sygate Security Agent users should contact their Sygate Enterprise Support
    Representative for the latest update.

    In conformance with RFPolicy, Sygate has a security@sygate.com email
    address and encourages the security research community to utilize it when
    reporting exposures in Sygate products.

    Regards,

    Seth Knox
    Product Manager
    Sygate Technologies


