|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Axel Hammer (alpha01
grafx-design.de)Date: Mon May 14 2001 - 04:03:54 CDT
Device:
Allied Telesyn AT-AR220e, Firmware 1.08a RC14, combined DSL/Cable-Router, NAT,
Firewall, HTML-Config
This Device is equipped with the function 'Virtual Server', which is a
portmapper WAN -> LAN.
The 'Virtual Server'-functionality can be disabled completely and single
portmappings can be disabled each, too.
Problem:
If a portmapping is set-up, e.g.
Status; Global Port; Internal Port; Internal IP; Protocol
disabled; 80; 80; 192.168.0.1; TCP
AND the Virtual-Server-Feature is enabled, there is no check for the
enabled/disabled setup of each of the single portmappings. They still remain
active.
Impact:
It is possible to gain access to mapped services, which may be left unsecured.
Solution:
Unused mappings should be deleted from the list-of-portmappings. If there are no
used mappings at all, the Virtual-Server-feature should be disabled.
Vendor-Status:
Informed on 2001-14-05
Regards, Axel
P.S.: first posting ;-)
-- de: GRAFX & DESIGN marketing Michael-Imhof-Str. 17 86609 Donauwörth Tel.: +49 (0)906-705706-11 Fax: +49 (0)906-705705-12 Mobile: +49 (0)171-9321435 info
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]