Tiny Personal Firewall Non-standard TCP Packet Outbound Filtering Bypass

2001-12-05T04:43:16
ID OSVDB:20277
Type osvdb
Reporter Tom Liston(tliston@premmag.com)
Modified 2001-12-05T04:43:16

Description

Vulnerability Description

Tiny Personal Firewall contains a flaw that may allow a remote attacker to bypass the firewall's access control filtering mechanism. The problem is that the application fails to inspect and block outbound packets generated by alternate protocol stacks, which may allow a remote attacker to bypass outbound filterings by using non-standard TCP packets created with non-Windows protocol adapters resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Tiny Personal Firewall contains a flaw that may allow a remote attacker to bypass the firewall's access control filtering mechanism. The problem is that the application fails to inspect and block outbound packets generated by alternate protocol stacks, which may allow a remote attacker to bypass outbound filterings by using non-standard TCP packets created with non-Windows protocol adapters resulting in a loss of integrity.

References:

Vendor URL: http://www.tinysoftware.com/ Security Tracker: 1002936 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-12/0056.html ISS X-Force ID: 7671 CVE-2001-1549 Bugtraq ID: 3647