From anders.ingeborn@INFOSEC.SE Wed Aug 2 02:33:26 2000 From: anders.ingeborn@INFOSEC.SE To: BUGTRAQ@SECURITYFOCUS.COM Date: Fri, 30 Jun 2000 15:58:31 +0100 Subject: Multiple vulnerabilities in Sybergen Secure Desktop [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] Infosec Security Vulnerability Report No: Infosec.20000625.sybergen.a =============================== Vulnerability Summary --------------------- Problem 1: Sybergen Secure Desktop does not protect against false router advertisements. Problem 2: Sybergen Secure Desktop dies when a user clears the routing table from default gateway entries. Threat 1: An attacker can add false default gateway entries to a Windows98 routing table, even when protected by Sybergen Secure Desktop. Threat 2: An user can accidently kill the Sybergen Secure Desktop personal firewall. Platform: Sybergen Secure Desktop 2.1 build 455 on Windows98 Solution: Currently there is no patch that corrects this problem Vulnerability Description ------------------------- The first vulnerability is that Sybergen Secure Desktop does not protect against false router advertisements, ICMP type 9. This means that an attacker can add new default route entries to the victim's routing table (that in turn is a known vulnerability for Windows98, see L0pht Security Advisory August 11, 1999). The vulnerability is present even when Sybergen Secure Desktop is set to ultra-high security level. The second vulnerability occurs when the routing table is full of bogus entries and the user clears it from default routes (ms-dos "route -f"). Then the firewall completely and quietly dies. The user has to restart the computer to make Sybergen Secure Desktop work again. Additional Information ---------------------- Sybergen Technical Support was notified about these vulnerabilities approximately one week ago. For more information about Sybergen, see www.sybergen.com Reported by: Anders Ingeborn, ingeborn@infosec.se ------------------------------- Infosec is a Swedish based tiger team that has been working with information security since 1982. Infosec has been doing network penetration tests and technical audits of computer systems since 1996. Infosec is now hiring in Sweden and the United Kingdom. Please contact Christer Stafferöd for more information. Phone: +46-8-6621070 E-mail: stafferod@infosec.se