From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Jan 28 2005 - 09:51:01 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Ingate Firewall Active Blocked PPTP Tunnel Security Issue

SECUNIA ADVISORY ID:
SA14060

VERIFY ADVISORY:
http://secunia.com/advisories/14060/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From local network

OPERATING SYSTEM:
Ingate Firewall 4.x
http://secunia.com/product/4050/

DESCRIPTION:
Neil Watson has reported a security issue in Ingate Firewall, which
may allow PPTP users to bypass certain security restrictions.

The problem is that an active PPTP tunnel is not teared down when the
PPTP user is disabled. This allows a blocked PPTP user with an active
PPTP tunnel to continue accessing resources until the user
disconnects.

The problem has been reported in version 4.1.3 and prior.

SOLUTION:
The vendor recommends turning off the PPTP server when disabling PPTP
users.

Ingate will reportedly provide a fix in a future upgrade.

PROVIDED AND/OR DISCOVERED BY:
Neil Watson

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]