Home page logo

bugtraq logo Bugtraq mailing list archives

Symantec Enterprise Firewall Secure Webserver info leak
From: AI-SEC Security Advisories <advisories () ai-sec dk>
Date: Mon, 14 Oct 2002 12:10:06 -0700

Advanced IT-Security Advisory #02-10-2002


Symantec Enterprise Firewall Secure Webserver info leak

There exists a problem in Simple, secure webserver 1.1 which is shipped with Raptor Firewall 6.5 (among others), in 
which an attacker can connect to the proxyserver from the outside, and issue a 
CONNECT to IP-addresses on the inside interface, and thereby determine if there are hosts present or not by inspecting 
the errormessage. This problem lets an attacker map out the entire topology of a 
client from the outside. 

Symantec has addressed this issue as a collateral problem in an earlier security update for the Symantec Enterprise 
Firewall. The Symantec Enterprise Firewall is not vulnerable to this concern if 
patched fully up-to-date.

Versions affected:
Raptor Firewall 6.5 (Windows NT)
Raptor Firewall V6.5.3 (Solaris)
Symantec Enterprise Firewall 6.5.2 (Windows 2000 and NT)

Apply official patch from Symantec


Symantec was contacted 27. August 2002. Symantec promptly tested and confirmed our findings. However, Symantec claims 
that this issue was fixed in a patch released late summer 2002.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]