Sygate Enforcer Broadcast Traffic Filter Bypass

2004-08-10T08:43:44
ID OSVDB:8525
Type osvdb
Reporter Martin O'Neal(martin.oneal@corsaire.com)
Modified 2004-08-10T08:43:44

Description

Vulnerability Description

Sygate Enforcer contains a flaw that may allow a malicious user to bypass authentication and pass broadcast traffic onto hosts. The issue is triggered when a malicious user sends broadcast traffic destined for a host protected by Sygate Enforcer. Sygate Enforcer does not limit and/or stop broadcast traffic prior to authentication. It is possible that the flaw may allow the remote attacker to send malicious broadcast traffic to the protected machine resulting in a loss of availability.

Solution Description

Upgrade to version 3.5MR1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Sygate Enforcer contains a flaw that may allow a malicious user to bypass authentication and pass broadcast traffic onto hosts. The issue is triggered when a malicious user sends broadcast traffic destined for a host protected by Sygate Enforcer. Sygate Enforcer does not limit and/or stop broadcast traffic prior to authentication. It is possible that the flaw may allow the remote attacker to send malicious broadcast traffic to the protected machine resulting in a loss of availability.

References:

Vendor URL: http://www.sygate.com Vendor URL: http://www.sygate.com/products/universal_enforcement.htm Secunia Advisory ID:12263 Related OSVDB ID: 8524 Related OSVDB ID: 8523 Other Advisory URL: http://www.corsaire.com/advisories/c031120-003.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0141.html ISS X-Force ID: 16948 CVE-2004-0593