Ingate Firewall allows unauthorized access to resources
| ingate-firewall-unauth-access (19123) |  Medium Risk |
Description:
Ingate Firewall could allow a remote attacker to gain unauthorized access to firewall protected resources. If a user has an active PPTP connection when an administrator disables the user, the PPTP connection remains active until the user disconnects. This could allow the user to continue to have unauthorized access to resources.
Platforms Affected:
- Ingate, Ingate Firewall 4.1.3
Remedy:
Upgrade to the latest version of Ingate Firewall (4.2.2 or later), available from the inGate Upgrades Web site. See References.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Thu Jan 27 2005 - 04:40:38 CST, Ingate Firewall: Removed PPTP tunnels not deactivated at http://archives.neohapsis.com/archives/bugtraq/2005-01/0303.html.
- inGate Upgrades Web site, Release notice for Ingate FirewallŪ 4.2.2 and Ingate SIParatorŪ 4.2.2 at http://www.ingate.com/relnote-422.php.
- inGate Web site, Ingate Firewalls at http://www.ingate.com/firewalls.php.
- BID-12383: Ingate Firewall Persistent PPTP Tunnel Vulnerability
- CVE-2005-0311: Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources.
- SA14060: Ingate Firewall Active Blocked PPTP Tunnel Security Issue
- SECTRACK ID: 1013022: Ingate Firewall Fails to Disconnect PPTP Connections When a User is Disabled
Reported:
Jan 26, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net