Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

backweb-spoof.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 33 Views

Vulnerability in BackWeb Protocol allows spoofing; upgrade to BackWeb 5.0 for security fix.

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`ISS Security Advisory  
January 18, 1999  
  
Vulnerability in the BackWeb Polite Agent Protocol  
  
  
Synopsis:  
  
Internet Security Systems (ISS) X-Force discovered a vulnerability in the  
BackWeb Technologies (http://www.backweb.com/home.html) BackWeb Polite  
Agent Protocol that allows a user on a local network on which BackWeb  
clients operate to spoof a BackWeb server. Hardware and software vendors  
often include BackWeb software in their distribution to facilitate remote  
distribution of software updates.  
  
  
Affected versions:  
  
ISS X-Force has confirmed that this vulnerability exists on all versions  
of the BackWeb client using the Polite Agent Protocol for communication  
with BackWeb servers.  
  
  
Fix Information:  
  
Until a suitable security mechanism is made available by the vendor, ISS  
recommends upgrading to BackWeb 5.0, which supports VeriSign digital  
certificates for enhanced security.  
  
  
Description:  
  
The BackWeb Polite Agent Protocol is a UDP-based protocol that BackWeb  
clients use to communicate with BackWeb servers. BackWeb's "anti-spoofing  
mechanism" for delivery of UDP data to the client and server is the  
exchange of a 32-bit integer, randomly generated by the client each time  
it requests data from the server. This integer is appended to each packet  
of a specific piece of BackWeb data (InfoPak). By examining these packets  
in transport, an attacker may send false data to a BackWeb client, acting  
as the real BackWeb server.  
  
  
Exploit Information:  
  
BackWeb uses a sequencing method to maintain packet data integrity. Any  
attacker who can examine a local network can determine the 32-bit integer  
and sequence numbers. A race condition exists where the attacker may  
deliver a false response to the client 'match request,' which is the  
first packet delivered by the client to determine whether or not the  
server should send data to it. If this spoofed response reaches the  
client before the real BackWeb server responds, the attacker may  
continuously write realistic-looking BackWeb packets to the network in  
response to the client request. These packets may direct the client to  
update files on its drive, execute programs, or display messages on the  
client screen. While client security settings may not be changed, other  
client settings such as displayed data may be changed. Depending on the  
client security settings, an attacker may send executable files to be  
executed on the client machine. By default, BackWeb's security settings  
disable automatic execution of downloaded files. BackWeb strongly  
recommends that customers do not enable automatic execution of downloaded  
files when using software prior to version 5.0 unless other security  
mechanisms are implemented separate from the BackWeb system. Customers  
using BackWeb client version 5.0 and above can enable automatic execution  
of files that will only automatically execute a file after verifying that  
the file is digitally signed and that the signing certificate is  
approved.  
  
__________  
  
Copyright (c) 1999 by Internet Security Systems, Inc.  
  
Permission is hereby granted for the redistribution of this alert  
electronically. It is not to be edited in any way without express  
consent of X-Force. If you wish to reprint the whole or any part of this  
alert in any other medium excluding electronic medium, please e-mail  
[email protected] for permission.  
  
Disclaimer:  
  
The information within this paper may change without notice. Use of this  
information constitutes acceptance for use in an AS IS condition. There  
are NO warranties with regard to this information. In no event shall the  
author be liable for any damages whatsoever arising out of or in  
connection with the use or spread of this information. Any use of this  
information is at the user's own risk.  
  
X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html,  
as well as on MIT's PGP key server and PGP.com's key server.  
  
X-Force Vulnerability and Threat Database: http://www.iss.net/xforce  
  
Please send suggestions, updates, and comments to: X-Force  
<[email protected]> of Internet Security Systems, Inc.  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
backweb vulnerabilitypolite agent protocoliss x-forcespoofing attackupgrade recommendation.
33
.json
Report