-
March 3rd, 2002, 02:43 AM
#1
Vulnerability: Tiny Personal Firewall Locked Terminal Bypass
Tiny Personal Firewall Locked Terminal Bypass Vulnerability
An issue has been reported in Tiny Personal Firewall which could allow a local attacker to permit users unauthorized access to Tiny Personal Firewall. Reportedly, this is possible even if the local system is locked.
A user scanning the network could initiate an alert dialogue in the foreground of a locked workstation with the firewall installed. The dialogue box requires the user to either permit or deny input. If the workstation is unattended, the local attacker could select permit and enter information to the firewall program, without the knowledge of the legitimate user of the services.
Potentially this issue could allow unauthorized users to modify the Personal Tiny Firewall settings.
Remote: No
Exploit: There is no exploit.
Vulnerable: Tiny Personal Firewall 2.0.15
-
March 3rd, 2002, 03:07 AM
#2
Senior Member
Thanks for the heads up,
I am glad that I do not have to worry about local attacks on my network. {I have a home network}
"To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master."
-Unknown
-
March 3rd, 2002, 03:32 AM
#3
thks s0nIc. I don't use tiny but was considering it. I guess they all have problems.
Trappedagainbyperfectlogic.
-
March 3rd, 2002, 03:55 AM
#4
People! Wake Up. Tiny gave up on their products already. Instead, jump to the well-known Sygate Personal Firewall Pro or Kerio Personal Firewall 2.1 b5.
-
March 3rd, 2002, 03:57 AM
#5
hehehehe all firewalls have flaws even ZoneAlarm or BlackIce or Tiny..
but yeah.. ill juz bring in the LATEST flaw.. hahahha
the good part about this vulnerability is that its local.. so it can be handled easily..
though.. it can be remote.. lets say server uses tiny.. intruder scans the network and initiates an alert dialogue.. The dialogue box requires the user to either permit or deny input. If the workstation is unattended, the local attacker could select permit and enter information to the firewall program, without the knowledge of the legitimate user of the services.
Potentially this issue could allow unauthorized users to modify the Personal Tiny Firewall settings. blah blah blah..
well what if the intruder has access to Hyper Terminal and can emulate the Server desktop in his box.. that would be easy...
considering Hyper Terminal is a legal software used by admins to remotely admin/configure their servers..
so yeah.. theoretically it can be remote..