NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q2

[sec-adv] Privatefirewall Filter Bypass Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue May 27 2003 - 06:16:16 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Privatefirewall Filter Bypass Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/8861/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Privatefirewall 3.x

DESCRIPTION:
A vulnerability has been identified in Privatefirewall, which can be
exploited to bypass the filter.

The problem is that Privatefirewall's filter cannot detect neither
FIN nor Xmas scans. This can be exploited to bypass the filter and
perform a port scan on the system.

The vulnerability has been reported in version 3.0. Other versions
may also be affected.

NOTE:
The severity of this vulnerability has been set to "not critical",
because Microsoft did not follow the standard defined in RFC 793 when
implementing the TCP/IP stack in Windows. Normally an open port
should ignore packets sent by a FIN or Xmas scan and a closed port
should reply with a RST packet.

However, in Windows an open port does not ignore the request but
instead returns a RST packet. FIN and Xmas scans conducted against a
Windows system will therefore always report all ports as closed and
will not aid a malicious person in detecting listening services.

SOLUTION:
Install another personal firewall if this is regarded as a security
issue.

REPORTED BY / CREDITS:
UkR-XblP

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]