Novell Access Management SSLVPN Server Security Bypass Vulnerability
BID:22787
Info
| Bugtraq ID: | 22787 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2007 12:00AM |
| Updated: | Mar 02 2007 05:55PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Novell Access Manager 3 |
| Not Vulnerable: | |
Discussion
Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability.
A remote authenticated attacker can exploit this issue to access corporate resources that the VPN access policy would normally restrict. This may lead to other attacks.
This issue affects version 3 IR1 of Novell Access Management Server.
Exploit / POC
To exploit this issue, an attacker requires authenticated access to a vulnerable SSL VPN server.
The attacker can use a standard browser for this attack.
A proof-of-concept modification to 'policy.txt' would be as follows:
sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};
The above example demonstrates how an attacker would allow their client machine HTTP access to any host on the remote network.
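A defensive check for the kind of modification shown above, as an added example that is not part of the original advisory or of any Novell tooling: it parses 'policy.txt' blocks and reports allow rules that an administrator's baseline does not cover. The block syntax is inferred only from the fragment on this page, and the baseline and collected samples are constructed.

```python
import ipaddress
import re

# Block syntax is inferred only from the fragment on this page (assumption).
BLOCK_RE = re.compile(r"sslize\s*\{(.*?)\}\s*;", re.S)

# Constructed sample: the rule set the administrator intended to publish.
BASELINE = """sslize {
from : 0.0.0.0/0
to : 10.1.2.0/255.255.255.0
port : 443
protocol : tcp
action : allow
};"""
# Constructed sample: a collected file holding the baseline plus the page's rule.
COLLECTED = BASELINE + """
sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};"""

def _net(value):
    return ipaddress.ip_network(value, strict=False)

def parse_policy(text):
    """Return one normalized dict per sslize block found in text."""
    rules = []
    for body in BLOCK_RE.findall(text):
        fields = {}
        for line in body.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # the sample has stray spaces ("0.0.0.0 / 0"); drop them
                fields[key.strip().lower()] = "".join(value.split()).lower()
        rules.append({"src": _net(fields["from"]), "dst": _net(fields["to"]),
                      "port": int(fields["port"]), "proto": fields["protocol"],
                      "action": fields["action"]})
    return rules

def covered(rule, baseline):
    """True if some baseline allow rule is at least as broad as rule."""
    return any(b["action"] == "allow" and b["proto"] == rule["proto"]
               and b["port"] == rule["port"] and rule["src"].subnet_of(b["src"])
               and rule["dst"].subnet_of(b["dst"]) for b in baseline)

def unexpected_allows(collected_text, baseline_text):
    """Allow rules in the collected file that the baseline does not cover."""
    base = parse_policy(baseline_text)
    return [r for r in parse_policy(collected_text)
            if r["action"] == "allow" and not covered(r, base)]
```
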
Solution / Fix
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References