Firewall
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability
Advisory ID: cisco-sa-20090923-ios-fw
Revision 1.0
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* Transparent Firewall Packet Buffer Exhaustion Vulnerability
* Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability
* Routing Information Protocol (RIP) Denial of Service Vulnerability
* Unauthorized File System Access Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
Advisory ID: cisco-sa-20111005-fwsm
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Firewall Application Inspection Control Vulnerability
Advisory ID: cisco-sa-20080924-iosfw
http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml
Validated Vulnerable:
All versions prior to 12/07/2010
Discussion:
Palo Alto Networks firewall claims it can “identify and control applications regardless of port, protocol, encryption, or evasive tactic.” Due to the need for organizations to support protocols and applications not yet categorized by Palo Alto, there is an underlying logic issue. Unless a company is willing to disable all services except for those well known by the Palo Alto firewall, risk will be constantly present. I spent a couple of hours testing the Palo Alto Networks firewall to see if I could puncture the firewall and achieve remote command-and-control.
The Palo Alto Networks firewall uses “Application Visibility” and “Application Control” functions in order to identify services and apply controls across the firewall segments. An attacker can leverage a phishing scam or a vulnerable online forum to distribute a remote command-and-control payload to a machine behind the firewall. The attacked machine will then initiate an outbound command-and-control connection. Palo Alto Networks Firewall simply identifies it as “Unknown TCP.”
Exploit:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities
Advisory ID: cisco-sa-20110928-zbfw
Revision 1.0
Thank you all for your valuable comments... Indeed I appreciated some of the links/info extended (Susan, Thor and Tom). However, in the end, it sounded like:
a) As a sysadmin in charge of maintaining XP systems along with a whole shebang of other mix setups, unless I deploy a "better" firewall solution, I seem to be SOL.
b) M$ is trying to boost Win7 sales... Whoopdee-@#$%#^-doo... As was stated earlier, they did the exact same thing back in Win2K days... Nothing new here... :/ As Larry and Thor pointed out, what sux is that despite M$
Hey Larry- hope everything's going well...
When you've got a systemic vulnerability, in this case the TCP/IP stack itself, exploitation information must be explicit and definitive. I'm fine with risk classification, and I appreciate efforts to categorize risk into manageable exposure metrics, but we shouldn't have to infer potential vulnerability information from vague disclosure data. I know many response teams base patch paths on the published severity, but one also has to be able to make decisions on their own. For me, no big deal. But it's not that simple for others.
But there's not enough information for me to make that call. Is it for ANY "listening service"? TCP or UDP? Does the "stateful" firewall introduced in subsequent versions stop it?
The answers are "yes," "yes," and "no." They should just say that. Is it "low" because the firewall doesn't have any exceptions by default? If so, that's silly. Everyone using XP for anything has incoming connections for something, and well known if on a domain. I feel sorry for Diebold and NEC with all the ATMs out there running XP, but fortunately, I'm not responsible for clients using their systems anymore :)
Anyway, the DoS suxx0rz, but I'm more irritated with the lack of real, straightforward, no-nonsense information and technical sleight of hand. The information should be painfully obvious, not obviously painful.
> Thank you all for your valuable comments... Indeed I appreciated some of the links/info extended (Susan, Thor and Tom). However, in the end, it sounded like:
>
> a) As a sysadmin in charge of maintaining XP systems along with a whole shebang of other mix setups, unless I deploy a "better" firewall solution, I seem to be SOL.
>
> b) M$ is trying to boost Win7 sales... Whoopdee-@#$%#^-doo... As was stated earlier, they did the exact same thing back in Win2K days... Nothing new here... :/ As Larry and Thor pointed out, what sux is that despite M$
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability
Document ID: 112893
Advisory ID: cisco-sa-20110223-fwsm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
Advisory ID: cisco-sa-20100804-fwsm
Revision 1.0
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls
*Advisory Information*
Title: Insufficient argument validation of hooked SSDT functions on
Trustwave's SpiderLabs Security Advisory TWSL2011-006:
IBM Web Application Firewall Bypass
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt
Published: 2011-06-21
Version: 1.0
Vendor: IBM
Product: IBM Web Application Firewall
Yeah, I know what it is and what it's for ;) That was just my subtle way of trying to make a point. To be more explicit:
1) If you are publishing a vulnerability for which there is no patch, and for which you have no intention of making a patch, don't tell me it's mitigated by ancient, unusable default firewall settings, and don't withhold explicit details. Say "THERE WILL BE NO PATCH, EVER. HERE'S EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK." Also, don't say 'you can deploy firewall settings via group policy to mitigate exposure' when the firewall obviously must be accepting network connections to get the settings in the first place. If all it takes is any listening service, then you have issues. It's like telling me that "the solution is to take the letter 'f' out of the word 'solution.'"
2) Think things through. If you are going to try to boost sales of Win7 to corporate customers by providing free XP VM technology and thus play up how important XP is and how many companies still depend upon it for business critical application compatibility, don't deploy that technology in an other-than-default configuration that is subject to a DoS exploit while downplaying the extent that the exploit may be leveraged by saying that a "typical" default configuration mitigates it while choosing not to ever patch it. Seems like simple logic points to me.
t
> -----Original Message-----
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
____________________________________________________________________________
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
____________________________________________________________________________
An advisory by EnableSecurity.
Trustwave published a joint advisory named TWSL2009-001
ID: ES-20090500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Firewall Services Module Crafted ICMP Message Vulnerability
Advisory ID: cisco-sa-20090819-fwsm
http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml
Thor (Hammer of God) wrote:
> Yeah, I know what it is and what it's for ;) That was just my subtle way of trying to make a point. To be more explicit:
>
> 1) If you are publishing a vulnerability for which there is no patch, and for which you have no intention of making a patch, don't tell me it's mitigated by ancient, unusable default firewall settings, and don't withhold explicit details. Say "THERE WILL BE NO PATCH, EVER. HERE'S EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK." Also, don't say 'you can deploy firewall settings via group policy to mitigate exposure' when the firewall obviously must be accepting network connections to get the settings in the first place. If all it takes is any listening service, then you have issues. It's like telling me that "the solution is to take the letter 'f' out of the word 'solution.'"
>
> 2) Think things through. If you are going to try to boost sales of Win7 to corporate customers by providing free XP VM technology and thus play up how important XP is and how many companies still depend upon it for business critical application compatibility, don't deploy that technology in an other-than-default configuration that is subject to a DoS exploit while downplaying the extent that the exploit may be leveraged by saying that a "typical" default configuration mitigates it while choosing not to ever patch it. Seems like simple logic points to me.
>
> t
>
I agree that the FAQ explanation in the advisory is vague about what
protection the firewall provides. One clue I would infer about it is
that they rated this a "Low" threat. If it were vulnerable in the
default configuration, with the firewall (or some other firewall) on,
they probably would have rated it at least Medium. If I'm wrong about
that then the "Low" rating is misleading.
Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer@ziffdavis.com
vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
Note: The Cisco Catalyst 6500 Series Firewall Services Module (FWSM)
may be affected by some of the vulnerabilities above. A separate Cisco
Security Advisory has been published to disclose the vulnerabilities
that affect the Cisco FWSM.
The FWSM advisory is available at:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability
Advisory ID: cisco-sa-20100217-fwsm
http://www.cisco.com/warp/public/707/cisco-sa-20100217-fwsm.shtml
Introduction:
=============
The Barracuda Web Application Firewall provides superior protection against hackers’ attempts to exploit vulnerabilities
in Web sites or Web applications to steal data, cause denial of service or deface Web sites. By integrating application
delivery capabilities, the Barracuda Web Application Firewall is an affordable and comprehensive application firewall
that can secure Web applications, as well as increase their performance and availability.
Hi,
some further research on the firewall of Mac OS X Leopard proved that the firewall is altering binaries on the disc -- in some cases they refuse to work after that.
In contrast to Tiger, the firewall in Leopard no longer operates at the
packet level but rather it works with applications, to which it permits
or denies specific network activities.
In order to unambiguously identify applications, Apple uses code
Security Advisory
---------------------------------------
Vulnerable Software: Barracuda NG Firewall / phion netfence
Homepage: http://www.barracudanetworks.com/
Found by: Wolfgang Neudorfer, Lukas Nothdurfter
Impact: Remote Command Execution with root Privileges
Severity: Critical
Product Description
Introduction:
=============
Barracuda Networks - Worldwide leader in email and Web security.
The Barracuda Spam & Virus Firewall is an integrated hardware and software solution for complete protection of
your email server. It provides a powerful, easy-to-use and affordable solution to eliminating spam and viruses
from your organization by providing the following protection:
Barracuda Spam & Virus Firewall
* Anti-spam
CSS10-01: Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability
April 5, 2010
BACKGROUND
==========
The Imperva SecureSphere Web Application Firewall protects web
applications and sensitive data against sophisticated attacks and
brute force attacks, stops online identity theft, and prevents data
leaks from applications. The Imperva SecureSphere Database Firewall
monitors and proactively protects databases from internal abuse,
Advisory Released: 15th December 2008
Abstract
Barracuda Networks Message Archiver product is vulnerable to persistent and reflected Cross-Site Scripting (XSS) attacks. Barracuda Spam Firewall, IM Firewall and Web Filter products are vulnerable to multiple reflected XSS attacks. When exploited by an authenticated user, the identified vulnerabilities can lead to Information Disclosure, Session Hijack, access to Intranet available servers, etc.
Description
>> The quote that stands out most for me:
>> <snip>
>> During the Q&A, however, Windows users repeatedly asked Microsoft's
>> security team to explain why it wasn't patching XP, or if, in certain
>> scenarios, their machines might be at risk. "We still use Windows XP
>> and we do not use Windows Firewall," read one of the user questions.
>> "We use a third-party vendor firewall product. Even assuming that we
>> use the Windows Firewall, if there are services listening, such as
>> remote desktop, wouldn't then Windows XP be vulnerable to this?"
>>
>> "Servers are a more likely target for this attack, and your firewall