The OpenNET Project
 


KPMG-2002017: Snapgear Lite+ Firewall Denial of Service


Date: Thu, 2 May 2002 13:56:53 +0200
From: Peter Gründl <pgrundl@kpmg.dk.>
To: bugtraq <bugtraq@securityfocus.com.>
Subject: KPMG-2002017: Snapgear Lite+ Firewall Denial of Service

--------------------------------------------------------------------

Title: Snapgear Lite+ Firewall Denial of Service

BUG-ID: 2002017
Released: 02nd May 2002
--------------------------------------------------------------------

Problem:
========
Several issues with the Snapgear Lite+ Firewall could allow a
malicious user to cause a Denial of Service situation, where part
of or all of the Firewall would cease to function.


Vulnerable:
===========
- Snapgear Lite+ V1.5.3 (all issues)
- Snapgear Lite+ V1.5.4 (some issues)


Not vulnerable:
===============
- Snapgear Lite+ V1.6.0


Product Description:
====================
Quoted from the vendor's webpage:

"The SnapGear LITE+ is an ethernet/broadband VPN router, with one
10/100BaseT WAN port, one 4-port 10/100BaseT switch on the LAN, and
one serial port that can have a modem attached for narrowband
fallback to dial-out."


Details:
========
There are four general areas in which we found problems with the
way the Snapgear Firewall handled malicious traffic:

HTTP) If external web management had been enabled, creating 50
      connections to the web port and cycling through them would
      result in the firewall crashing. In V1.5.4 this would only
      result in web management crashing.

PPTP) If PPTP had been enabled, creating 50 connections to the
      PPTP port and cycling through them would result in the
      firewall crashing.

IPSEC) Sending a 0 length UDP packet to UDP port 500 would result
       in IPSEC exiting. This would result in IPSEC no longer
       working. This issue was resolved in v1.5.4.

IP-OPTIONS) Sending a stream of approx. 7000 packets with malformed
            IP options through the firewall would result in the
            firewall crashing. This stream could be sent from the
            internal network or externally.


Vendor URL:
===========
You can visit the vendor's webpage here: http://www.snapgear.com


Vendor response:
================
The vendor was contacted about the first issue on the 14th of
February, 2002 and subsequently on the 7th of March, 2002 about the
remaining issues. On the 10th of April, 2002 we received a beta
version of v1.6.0, which corrected the issues. On the 2nd of May,
2002 we received notification that V1.6.0 had been released.


Corrective action:
==================
Install firmware version 1.6.0, which is available here:
http://www.snapgear.com/downloads.html


Authors:
========
Andreas Sandor ([email protected]) & Peter Gründl ([email protected])

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be
liable for any consequences whatsoever arising out of or in
connection with the use or spread of this information.
--------------------------------------------------------------------
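
Added example (not part of the KPMG advisory or any vendor code): a capture-side check for the two packet-level conditions in the IPSEC and IP-OPTIONS items, run over raw IPv4 packets. The advisory does not say how the options were malformed, so "malformed" is assumed here to mean an options area that fails the RFC 791 type/length walk; the function names are hypothetical and fragments are not reassembled.

```python
import struct

IKE_PORT = 500  # UDP port named in the advisory's IPSEC item


def options_malformed(opts):
    """Walk the IPv4 options area (RFC 791 layout); True if it fails to parse."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            return False
        if kind == 1:                      # No-Operation, single byte
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0  # 0 = length byte missing
        if length < 2 or i + length > len(opts):
            return True
        i += length
    return False


def inspect(packet):
    """Return a list of findings for one raw IPv4 packet (no link-layer header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["not-ipv4"]
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        return ["bad-ihl"]
    findings = []
    if options_malformed(packet[20:ihl]):
        findings.append("malformed-ip-options")
    if packet[9] == 17 and len(packet) >= ihl + 8:       # protocol 17 = UDP
        _sport, dport, ulen, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
        if dport == IKE_PORT and ulen == 8:              # header only, no payload
            findings.append("empty-udp-to-500")
    return findings


def ipv4(proto, payload, options=b""):
    """Build a constructed test packet in memory (checksum 0, 192.0.2.x addresses)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + payload

# Constructed sample: a UDP header with length field 8 (no payload) to port 500.
SAMPLE = ipv4(17, bytes.fromhex("01f401f400080000"))
```

Feeding inspect() the IP-layer bytes of each captured packet and counting findings per source gives a rate to alert on; a single "empty-udp-to-500" hit is already worth a look on firmware older than v1.5.4.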
