Sybergen Secure Desktop 2.1 Multiple Vulnerabilities
BID:1417
| Bugtraq ID: | 1417 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 30 2000 12:00AM |
| Updated: | Jun 30 2000 12:00AM |
| Credit: | Posted to Bugtraq on June 30, 2000 by Anders Ingeborn <[email protected]>. |
| Vulnerable: | Sybergen Secure Desktop 2.1 |
| Not Vulnerable: | |
Discussion
Multiple vulnerabilities exist in Sybergen Secure Desktop, a personal firewall application.
Secure Desktop does not properly protect the host from spoofed ICMP type 9 router advertisements. Therefore, a malicious remote user may modify the default gateway entry in the routing table, which opens up the possibility of a number of vulnerabilities, including redirecting outbound traffic to an unauthorized source or man-in-the-middle attacks.
The firewall can be disabled by a remote user if they clear the routing table of all entries. Restarting the application is required in order to regain normal functionality.
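A defensive check for the router-advertisement issue described above, as an added example that is not part of the original advisory: it parses ICMP type 9 messages using the RFC 1256 layout and reports advertisements whose source or advertised gateway is not on an allowlist. The function names, the allowlist and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Constructed samples (documentation addresses), ICMP message only: type 9, lifetime 1800 s.
SAMPLE_OK = bytes.fromhex("09002cf401020708c000020100000000")     # gateway 192.0.2.1
SAMPLE_ROGUE = bytes.fromhex("0900c4ba01020708c633640700000000")  # gateway 198.51.100.7

def icmp_checksum(data: bytes) -> int:
    """Internet checksum; returns 0 when run over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_router_advert(icmp: bytes):
    """Return (lifetime, [(gateway, preference), ...]) or None if not a valid advert."""
    if len(icmp) < 8 or icmp[0] != 9 or icmp[1] != 0:
        return None  # not ICMP type 9, code 0
    num_addrs, entry_words, lifetime = struct.unpack("!BBH", icmp[4:8])
    if num_addrs < 1 or entry_words < 2 or len(icmp) < 8 + num_addrs * entry_words * 4:
        return None  # fails the RFC 1256 length and count checks
    if icmp_checksum(icmp) != 0:
        return None  # RFC 1256 hosts silently discard adverts with a bad checksum
    routers = []
    for i in range(num_addrs):
        off = 8 + i * entry_words * 4
        addr, pref = struct.unpack("!4si", icmp[off:off + 8])
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
    return lifetime, routers

def review_advert(src_ip: str, icmp: bytes, trusted_routers: set) -> list:
    """List reasons an advertisement is suspicious; an empty list means it matched the allowlist."""
    parsed = parse_router_advert(icmp)
    if parsed is None:
        return []
    _lifetime, routers = parsed
    findings = []
    if src_ip not in trusted_routers:
        findings.append(f"advertisement from untrusted source {src_ip}")
    for addr, _pref in routers:
        if addr not in trusted_routers:
            findings.append(f"advertises unknown gateway {addr}")
    return findings

if __name__ == "__main__":
    trusted = {"192.0.2.1"}  # assumed allowlist of legitimate routers
    print(review_advert("192.0.2.1", SAMPLE_OK, trusted))
    print(review_advert("203.0.113.50", SAMPLE_ROGUE, trusted))
```
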
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].