[REVS] Having Fun with Sensor Appliance Proventia GX5108 and GX5008 Insecurities (Part One)

2007-07-11T00:00:00
ID SECURITYVULNS:DOC:17461
Type securityvulns
Reporter Securityvulns
Modified 2007-07-11T00:00:00

Description

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source. http://www.securiteam.com/mailinglist.html


Having Fun with Sensor Appliance Proventia GX5108 and GX5008 Insecurities (Part One)


SUMMARY

Several security vulnerabilities have been found in ISS's Proventia appliance, these vulnerabilities allow remote attackers to cause cross site scripting vulnerabilities in their user interface, cause the PHP scripts running on the server to include remote files as well as due to the usage of old OpenSSH (and in compatibility mode) to allow brute forcing of usernames and passwords with a timing attack.

DETAILS

Introduction: Proventia Network IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) stops malicious Internet attacks before they impact your organization, the only effective way to preserve network availability, reduce the burden on your IT resources and prevent security breaches.

This document presents a couple of ideas for exploiting weaknesses in typical (local and remote) box configurations appliance, the second part will be related SITE PROTECTOR and administration vulnerabilities.

The paper is based on the bypassing of filtration of a common web application security hole known as XSS(Cross site scripting), RFI (Remote File Inclusion) and common attacks on services / ports.

ADDITIONAL INFORMATION

The information has been provided by <mailto:ahernandez@sybsecurity.com> Alex Hernandez. The original article can be found at:
<http://www.sybsecurity.com/hack-proventia-1.pdf> http://www.sybsecurity.com/hack-proventia-1.pdf

========================================

This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================

DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.