Firewall Bypass Vulnerability

Discussion in 'other firewalls' started by S!x, Jan 13, 2005.

Thread Status:
Not open for further replies.
  1. S!x

    S!x Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    51
    Location:
    Ohio, USA
    A wide range of personal firewall products are vulnerable to bypass by a malicious script. Because the products do not require password verification for rulebase changes, it is possible to inject keystrokes or GUI actions via VBScript (and possibly other scripting languages) to open "backdoors" in the firewall, allowing an attacker unrestricted access.

    This flaw enables that any Trojan or similar programs can easily bypass firewall and act as a server or access to another computer. Also most of these firewalls have a "remember" option so if you bypass firewall and successfully exploit it, firewall will never ask again.

    http://ferruh.mavituna.com/article/?769
    http://www.smoothwall.net/information/news/newsitem.php?id=688

    Sorry about landing in this forum ... i don't know what happened.
    To avoid double posting i will let the admins. move it.
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi S!x,

    As you figured, I have moved your post from the updates forum to the other firewall forum ;) ...
     
  3. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Also many firewalls have a password option, I use it to keep people from messing with my configuration, or even shutting it down on the user account I make available for guests.

    Nice try, no dice for those who actually use their firewall how they should. It also has to konw how to properly interact with every firewall, even different versions which might have some variants through different versions.
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
  5. S!x

    S!x Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    51
    Location:
    Ohio, USA
    "This has already been discussed in the Multiple Firewall Products Bypass Vulnerability thread..."

    I guess that is what the search feature is for? :eek:
    Didn't notice it until now ... i will use it in the future.
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Since this thread has served its purpose as there is another active thread open on the subject "Multiple Firewall Products Bypass Vulnerability", I will now close this thread. Any further comments can be made in the original thread.
     
Loading...
Thread Status:
Not open for further replies.