Tiny FW v3.0 Vulnerabilities

Discussion in 'other firewalls' started by Paul Wilders, Aug 21, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Tested under Win2k Advance Server / WinNT 4.0

    Vendor Status: No response for 1 1/2 weeks after the notice. They just informed us that they already gave notice to their development team.

    Vendors website: http://www.tinysoftware.com

    Severity: High

    Overview

    Tiny Personal Firewall 3.0 is ideal for standalone computers or for trusted experienced users in corporate environment. It protects personal computers against network attacks, worms, trojans and viruses and manages the access of computer processes (programs) to computer resources (memory, files, devices). This was said on their web-site as it goes.

    Tiny Personal Firewall 3.0 for the Windows platform contains Denial of Service vulnerabilities in its Personal Firewall Agent module, specifically the activity logger tab. These vulnerabilities could allow an attacker to crash the operating system, consuming 100% of your CPU resources.

    Details

    1] DoS vulnerability with Tiny Personal Firewall 3.0 Default Installation

    - By simply portscanning a host running a default install of Tiny Personal Firewall 3.0, sending multiple SYN, UDP, ICMP and TCP full-connect probes through all its ports while the user browses the firewall Log tab of the Personal Firewall Agent module, the user can crash their own operating system just by clicking or viewing the Activity tab of the said module.

    Note: On WinNT 4.0 with SP6a, a workaround is not possible.

    2] IP spoofing and DoS vulnerability

    - It is quite similar to the first one, but this vulnerability occurs with a fully configured Tiny Personal Firewall 3.0 and the personal firewall set to HIGH Security. The personal firewall has a problem blocking packets with a spoofed source address <firewall's own IP address>.

    Workaround:

    1] Simply change the permission for the rules under System Applications on Inbound ICMP(LAN1) to ask user.

    2] This vulnerability has no workaround. Even if you block all the IP addresses, protocols and ports, the firewall will fail to handle the attack.

    note: info provided by a third party - Forum Admin
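
    A defensive sketch of the two conditions the advisory describes, added here as an example that is not part of the original post or of Tiny's software: it flags inbound records whose source is the host's own address, and sources that touch many ports in a short window, and it reports one summary line per source instead of one log entry per packet. The record layout, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

LOCAL_ADDRS = {ip_address("192.0.2.10")}  # assumption: the protected host's own address
SCAN_PORTS = 5       # this many distinct destination ports ...
SCAN_WINDOW = 10.0   # ... within this many seconds is treated as a scan

# Constructed sample records: (timestamp_s, protocol, source, destination port or None)
SAMPLE = [
    (0.0, "TCP", "198.51.100.7", 21), (0.1, "TCP", "198.51.100.7", 22),
    (0.2, "TCP", "198.51.100.7", 23), (0.3, "TCP", "198.51.100.7", 25),
    (0.4, "TCP", "198.51.100.7", 80), (0.5, "UDP", "198.51.100.7", 53),
    (1.0, "TCP", "203.0.113.5", 80), (30.0, "TCP", "203.0.113.5", 443),
    (2.0, "UDP", "192.0.2.10", 137),   # claims to come from the host itself
    (2.5, "ICMP", "192.0.2.10", None),
]

def classify(records, local_addrs=LOCAL_ADDRS, ports=SCAN_PORTS, window=SCAN_WINDOW):
    """Return (spoofed_records, scanner_sources) for inbound packet records."""
    spoofed, scanners = [], set()
    recent = defaultdict(deque)  # source -> (timestamp, port) pairs still inside the window
    for ts, proto, src, dport in sorted(records, key=lambda r: r[0]):
        # A packet arriving from the network can never legitimately carry
        # the host's own address as its source: drop it before any rule lookup.
        if ip_address(src) in local_addrs:
            spoofed.append((ts, proto, src, dport))
            continue
        if dport is None:        # ICMP has no port to count
            continue
        q = recent[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) >= ports:
            scanners.add(src)
    return spoofed, scanners

def summary_lines(records):
    """One line per offending source, so a flood cannot grow the log per packet."""
    spoofed, scanners = classify(records)
    lines = [f"scan from {s}" for s in sorted(scanners)]
    if spoofed:
        lines.append(f"{len(spoofed)} packets with own address as source dropped")
    return lines

if __name__ == "__main__":
    print("\n".join(summary_lines(SAMPLE)))
```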
     
  2. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi;

    Paul, do you know a good site where one can test his firewall's ability to sustain the severe DoS-type attacks you mention?

    Not easy to find, and still would be very nice for the average user (among others, meaning myself) since for the time being most people have to rely on reports rather than their own testing to draw some opinion about firewall's abilities in this field.

    Pcflank's exploits test seemed to do a good job until recently, but it now seems to me this test is ten times easier to pass than it previously was, although I didn't switch firewalls or make any change in my OS settings.

    Rgds, Crockett :)
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Crockett,

    Nope (not being said there aren't any!). Most probably, anyone having the bandwidth - his own or from compromised systems - could use Trinoo, Tribe or Stacheldraht to probe systems. One could possibly arrange an "individual" probe with a trusted party to do so - although it's far from recommended - and at the least not allowed by any ISP. I'm no game here, that's for sure ;)

    regards.

    paul
     