Bugtraq mailing list archives
Multiple vulnerabilities in Sybergen Secure Desktop
From: anders.ingeborn () INFOSEC SE (anders.ingeborn () INFOSEC SE)
Date: Fri, 30 Jun 2000 15:58:31 +0100
Infosec Security Vulnerability Report
No: Infosec.20000625.sybergen.a
===============================
Vulnerability Summary
---------------------
Problem 1: Sybergen Secure Desktop does not protect
against false router advertisements.
Problem 2: Sybergen Secure Desktop dies when a user
clears the routing table from default
gateway entries.
Threat 1: An attacker can add false default gateway
entries to a Windows98 routing table,
even when protected by Sybergen Secure
Desktop.
Threat 2: An user can accidently kill the Sybergen
Secure Desktop personal firewall.
Platform: Sybergen Secure Desktop 2.1 build 455 on
Windows98
Solution: Currently there is no patch that corrects
this problem
Vulnerability Description
-------------------------
The first vulnerability is that Sybergen Secure Desktop does not protect against
false router advertisements, ICMP type 9. This means that an attacker can add
new default route entries to the victim's routing table (that in turn is a known
vulnerability for Windows98, see L0pht Security Advisory August 11, 1999). The
vulnerability is present even when Sybergen Secure Desktop is set to ultra-high
security level.
The second vulnerability occurs when the routing table is full of bogus entries
and the user clears it from default routes (ms-dos "route -f"). Then the
firewall completely and quietly dies. The user has to restart the computer to
make Sybergen Secure Desktop work again.
Additional Information
----------------------
Sybergen Technical Support was notified about these vulnerabilities
approximately one week ago. For more information about Sybergen, see
www.sybergen.com
Reported by: Anders Ingeborn, ingeborn () infosec se
-------------------------------
Infosec is a Swedish based tiger team that has been working with information
security since 1982. Infosec has been doing network penetration tests and
technical audits of computer systems since 1996. Infosec is now hiring in Sweden
and the United Kingdom. Please contact Christer Stafferöd for more information.
Phone: +46-8-6621070 E-mail: stafferod () infosec se
Current thread:
- Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
- Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
- SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Update to Integrity Protection Driver Available IPD (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 29)
- Buggy ARP handling in Windoze Paul Starzetz (Jun 29)
- Re: Buggy ARP handling in Windoze Jurjen Oskam (Jun 29)
- Re: Buggy ARP handling in Windoze Steven Alexander (Jun 29)