TUCoPS :: Web :: General :: symant1.txt

Symantec Enterprise Firewall Secure Webserver info leak

Advanced IT-Security Advisory #02-10-2002


Symantec Enterprise Firewall Secure Webserver info leak

There exists a problem in Simple, secure webserver 1.1 which is shipped with Raptor Firewall 6.5 (among others), in which an attacker can connect to the proxyserver from the outside, and issue a 
CONNECT to IP-addresses on the inside interface, and thereby determine if there are hosts present or not by inspecting the errormessage. This problem lets an attacker map out the entire topology of a 
client from the outside. 

Symantec has addressed this issue as a collateral problem in an earlier security update for the Symantec Enterprise Firewall. The Symantec Enterprise Firewall is not vulnerable to this concern if 
patched fully up-to-date.

Versions affected:
Raptor Firewall 6.5 (Windows NT)
Raptor Firewall V6.5.3 (Solaris)
Symantec Enterprise Firewall 6.5.2 (Windows 2000 and NT)

Apply official patch from Symantec


Symantec was contacted 27. August 2002. Symantec promptly tested and confirmed our findings. However, Symantec claims that this issue was fixed in a patch released late summer 2002.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH