SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Device (Firewall)  >   Symantec Gateway Security Vendors:   Symantec
Symantec Gateway Security Lets Remote Users Modify the Configuration
SecurityTracker Alert ID:  1011388
SecurityTracker URL:  http://securitytracker.com/id/1011388
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 22 2004
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Symantec Gateway Security 320, 360, 360R; prior to firmware build 622
Description:   Several vulnerabilities were reported in Symantec Gateway Security. A remote user can determine the services active on the target device. A remote user can also determine and modify the device configuration settings. Symantec Enterprise Firewall is also affected.

Mike Sues of Rigel Kent Security reported that a remote user can conduct a UDP port scan with a source port of UDP 53 against the WAN interface of the target device to determine the services that are active on the device, such as tftpd, snmpd, and isakmp.

It is also reported that the device uses a standard default SNMP community string. A remote user can use a source port of UDP 53 to connect to the SNMP port on the target device and issue GET and SET requests to view and modify the firewall's configuration. It is not possible for the administrator to disable the SNMP service or change the SNMP community string.
Impact:   A remote user can determine the services active on the target device.

A remote user can also determine and modify the device configuration settings.
Solution:   The vendor has released a fixed version (firmware build 622).
Vendor URL:  www..symantec.com/ (Links to External Site)
Cause:   Access control error, Authentication error
Underlying OS:  

Message History:   None.

 Source Message Contents
Date:  Wed, 22 Sep 2004 14:50:12 -0400
Subject:  Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products



               Rigel Kent Security & Advisory Services Inc
		       http://www.rigelksecurity.com

                       Advisory # RK-001-04

                            Mike Sues
                       September 22, 2004


"Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security
Products"


  Platform	:	Symantec Enterprise Firewall/VPN Appliances
			100, 200, 200R
			Symantec Gateway Security 320
			Symantec Gateway Security 320, 360, 360R
			
  Version	:     100, 200, 200R
				Prior to firmware build 1.63
			320, 360, 360R
				Prior to build 622

  Configuration	:	Default
  	

Abstract:
========

  Three high-risk vulnerabilities have been identified in the Symantec
  Enterprise Firewall products and two in the Gateway products. All are
  remotely exploitable and allow an attacker to perform a denial of service
  attack against the firewall, identify active services in the WAN interface
  and exploit one of these services to collect and alter the firewall or
  gateway's configuration.


Vulnerabilities:
===============


  Issue RK-001-04-01:
	Denial of service caused by a fast UDP port scan
    Severity:
	High
    Description:
	A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN
	interface of the firewall will cause the firewall to lock up and
stop
	responding. Turning the power off and on will reset the firewall.

	The Gateway Security products are not affected by this issue.
    Countermeasure:
	Install firmware build 1.63



  Issue RK-001-04-02:
	Filter bypass on WAN interface
    Severity:
	High
    Description:
	A UDP port scan against the WAN interface of the firewall from a
source
	port of UDP 53 bypasses filter on WAN interface and exposes the
following
	active services,

		tftpd
		snmpd
		isakmp

	All other ports are reported as closed. 
    Countermeasure:
	100, 200, 200R
		Install firmware build 1.63
	320, 360, 360R
		Install firmware build 622



  Issue RK-001-04-03:
	Default read/write community string on SNMP service
    Severity:
	High
    Description:
	The default read/write community string used by the firewall is
public,
	allowing an attacker to collect and alter the firewall's
configuration.
	By combining this with RK-001-04-02, an attacker is able to exploit
this
	against the WAN interface by sending SNMP GET/SET requests whose
source
	port is UDP 53.

	Moreover, the administrative interface for the firewall does not
allow the
	operator to disable the service nor change the community strings. 
    Countermeasure:
	100, 200, 200R
		Install firmware build 1.63
	320, 360, 360R
		Install firmware build 622


Credits:
=======

  Rigel Kent Security & Advisory Services would like to thank Symantec for
  their prompt response and action.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC