Symantec Enterprise Firewall Pattern Filter Bypass Vulnerability


Published: 2003-04-09
Updated: 2003-04-09
Severity:
Threat level: Other
Error type: Design error
Exploitation method: Server mode

BUGTRAQ ID:7196
CVE(CAN) ID:CAN-2003-0106

Affected Systems
Symantec Enterprise Firewall 7.0 Solaris          
   -Sun Solaris 2.6                                
   -Sun Solaris 7.0                                
Symantec Enterprise Firewall 7.0 NT/2000          
   -Microsoft Windows 2000 Advanced Server        
   -Microsoft Windows 2000 Advanced Server SP1    
   -Microsoft Windows 2000 Advanced Server SP2    
   -Microsoft Windows 2000 Datacenter Server      
   -Microsoft Windows 2000 Datacenter Server SP1  
   -Microsoft Windows 2000 Datacenter Server SP2  
   -Microsoft Windows 2000 Professional            
   -Microsoft Windows 2000 Professional SP1        
   -Microsoft Windows 2000 Professional SP2        
   -Microsoft Windows 2000 Server                  
   -Microsoft Windows 2000 Server SP1              
   -Microsoft Windows 2000 Server SP2              
   -Microsoft Windows 2000 Terminal Services      
   -Microsoft Windows 2000 Terminal Services SP1  
   -Microsoft Windows 2000 Terminal Services SP2  
   -Microsoft Windows NT Enterprise Server 4.0    
   -Microsoft Windows NT Enterprise Server 4.0 SP1
   -Microsoft Windows NT Enterprise Server 4.0 SP2
   -Microsoft Windows NT Enterprise Server 4.0 SP3
   -Microsoft Windows NT Enterprise Server 4.0 SP4
   -Microsoft Windows NT Enterprise Server 4.0 SP5
   -Microsoft Windows NT Enterprise Server 4.0 SP6
   -Microsoft Windows NT Enterprise Server 4.0 SP6a
   -Microsoft Windows NT Server 4.0                
   -Microsoft Windows NT Server 4.0 SP1            
   -Microsoft Windows NT Server 4.0 SP2            
   -Microsoft Windows NT Server 4.0 SP3            
   -Microsoft Windows NT Server 4.0 SP4            
   -Microsoft Windows NT Server 4.0 SP5            
   -Microsoft Windows NT Server 4.0 SP6            
   -Microsoft Windows NT Server 4.0 SP6a          
   -Microsoft Windows NT Terminal Server 4.0      
   -Microsoft Windows NT Terminal Server 4.0 alpha
   -Microsoft Windows NT Terminal Server 4.0 SP1  
   -Microsoft Windows NT Terminal Server 4.0 SP2  
   -Microsoft Windows NT Terminal Server 4.0 SP3  
   -Microsoft Windows NT Terminal Server 4.0 SP4  
   -Microsoft Windows NT Terminal Server 4.0 SP5  
   -Microsoft Windows NT Terminal Server 4.0 SP6  
   -Microsoft Windows NT Terminal Server 4.0 SP6a  
   -Microsoft Windows NT Workstation 4.0          
   -Microsoft Windows NT Workstation 4.0 SP1      
   -Microsoft Windows NT Workstation 4.0 SP2      
   -Microsoft Windows NT Workstation 4.0 SP3      
   -Microsoft Windows NT Workstation 4.0 SP4      
   -Microsoft Windows NT Workstation 4.0 SP5      
   -Microsoft Windows NT Workstation 4.0 SP6      
   -Microsoft Windows NT Workstation 4.0 SP6a
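
Description
Symantec Enterprise Firewall can be configured to block HTTP requests that contain certain patterns. When a user outside the firewall submits an HTTP request containing such a pattern, the request is blocked. If the same request is encoded, for example with Unicode or UTF-8, the request filter is bypassed.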
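
An added example, not part of the original advisory and not Symantec's code: a pattern filter that matches the request path as received, beside one that canonicalizes the encoding before matching. The block patterns, function names and sample paths are constructed for illustration, and handling of the `%uXXXX` form assumes the protected server accepts it.

```python
import re
from urllib.parse import unquote_to_bytes

# Hypothetical block list; the advisory does not give the firewall's patterns.
BLOCKED_PATTERNS = ("/admin/", "backup.sql")
_PCT_U = re.compile(rb"%u([0-9a-fA-F]{4})")  # non-standard %uXXXX form


def naive_is_blocked(raw_path: bytes) -> bool:
    """Weak form: compare patterns with the bytes exactly as received."""
    text = raw_path.decode("latin-1").lower()
    return any(p in text for p in BLOCKED_PATTERNS)


def canonicalize(raw_path: bytes, max_rounds: int = 4) -> str:
    """Decode %XX and %uXXXX until stable, then decode as strict UTF-8."""
    current = raw_path
    for _ in range(max_rounds):
        step = _PCT_U.sub(
            lambda m: chr(int(m.group(1), 16)).encode("utf-8"), current)
        step = unquote_to_bytes(step)
        if step == current:
            break
        current = step
    else:
        raise ValueError("too many encoding layers")
    # Strict decoding rejects overlong and malformed UTF-8 sequences.
    return current.decode("utf-8").lower()


def hardened_is_blocked(raw_path: bytes) -> bool:
    """Hardened form: match on the canonical path, fail closed on errors."""
    try:
        text = canonicalize(raw_path)
    except ValueError:
        return True
    return any(p in text for p in BLOCKED_PATTERNS)


# Constructed sample request paths, not taken from the advisory.
SAMPLES = [b"/admin/index.html", b"/%61dmin/index.html",
           b"/%u0061dmin/index.html", b"/%2561dmin/index.html",
           b"/public/%c0%af", b"/public/index.html"]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path, naive_is_blocked(path), hardened_is_blocked(path))
```

The hardened filter treats any path it cannot canonicalize as blocked, so a malformed or deeply nested encoding is rejected and never reaches the pattern check.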

Solution
The vendor has published guidance on mitigating the threat:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754

Related Information
Martin O'Neal <martin.oneal@corsaire.com>

Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue
http://www.corsaire.com/advisories/030224-002.txt