RE: Query

[TLR () portcullis-security com]

I mean unloading the firewall altogether - The user wouldn't notive anything
happening (but that is really due to the web vulnerability I used as proof
of concept).

I think I am going to see what the vendor has to say before releasing any
more information. In this case it could be quite irresponsible of me to do
so, and quite devastating for users of the system. It could be just too
dangerous.

Don't worry, it will probably be released eventually. We are going to do
some research on other personal firewalls to see if the same can be
achieved.

Liam.



> ----------
> From:         Roland Postle[SMTP:mail () blazde co uk]
> Sent:         Tuesday, July 16, 2002 8:54 PM
> To:   TLR () portcullis-security com
> Cc:   vuln-dev () securityfocus com
> Subject:      Re: Query
>
> > Recently, whilst performing a Penetration Test I developed a Java script
> > which, with the use of some tools, disables a well known personal
> firewall.
> > This personal firewall was designed as is used so that the company can
> > centrally control what Hosts and Networks a user can access via the use
> of
> > profiles. Can you see what it is yet? Anyway, would you guys consider
> the
> > ability to disable the firewall remotely a vulnerability or does it fall
> > simply in the arena of technique in the use of already existing tools
> and
> > vulnerabilities?
>
> By 'disabling' do you mean disabling the filtering part of the firewall
> (thereby allowing all kinds of nasty traffic through) or knocking out the
> whole firewall with some kind of DoS attack? Regardless I'd say it's a
> vulnerability unless it requires knowing some kind of administrative
> password, in which case it's probably a 'feature'. Still, it might be a
> feature that makes the firewall less secure than is desirable.
>
> - Blazde