lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 27 Oct 2006 15:32:49 -0400
From: <jay.tomas@...osecguru.com>
To: <security@...ichsoft.com>
Cc: <bugtraq@...urityfocus.com>
Subject: Re: vulnerability in Symantec products

Ummm are you for real? You are posting this as a vulnerability?

Chances are if they have trojaned or gained priviledged access to your workstation it shouldnt be
to much trouble to alter config of firewall or skirt outbound connectivity.

Unwise default config, perhaps. Vulnerability ... naah.

Jay

----- Original Message -----
From: security@...ichsoft.com
To: bugtraq@...urityfocus.com
Sent: 26 Oct 2006 22:30:11 -0000
Subject: vulnerability in Symantec products

Critical vulnerability was discovered in Symantec Internet Security 2005, posible afected products:
Symantec Personal Firewall 2005, Symantec Internet Security 2004, Symantec Personal Firewall 2004, 
Symantec Personal Firewall 2003, Symantec Internet Security 2006, Symantec Personal Firewall 2006.

Defective program feature allows to establish remote connections undetected - thus creating a
perfect exploit for trojans and hacker activities. Symantec products generally have a rule "Default
outbound NetBIOS", allowing programs to establish direct IP connections on ports 137, 138, 139.
Therefore, trojan programs can undetectably bypass Symantec firewall and connect on these ports to
attacker's remote server. However, resolving IP from DNS will be detected by the firewall.

Solutions:
- Disable "Default outbound NetBIOS" rule
- Modify "Default outbound NetBIOS" rule and restrict connections only to LAN

--------------------------------------------------
DimichSoft Security Group
http://www.dimichsoft.com/security.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ