
Thread: Vulnerability: Tiny Personal Firewall Locked Terminal Bypass

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Vulnerability: Tiny Personal Firewall Locked Terminal Bypass

    Tiny Personal Firewall Locked Terminal Bypass Vulnerability

    An issue has been reported in Tiny Personal Firewall which could allow a local attacker to permit users unauthorized access to Tiny Personal Firewall. Reportedly, this is possible even if the local system is locked.



    A user scanning the network could initiate an alert dialogue in the foreground of a locked workstation with the firewall installed. The dialogue box requires the user to either permit or deny input. If the workstation is unattended, the local attacker could select permit and enter information to the firewall program, without the legitimate user of the service's knowledge.

    Potentially this issue could allow unauthorized users to modify the Personal Tiny Firewall settings.

    Remote: No

    Exploit: There is no exploit.

    Vulnerable: Tiny Personal Firewall 2.0.15

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    120
    Thanks for the heads up,
    I am glad that I do not have to worry about local attacks on my network. {I have a home network}
    "To follow the path:
    look to the master,
    follow the master,
    walk with the master,
    see through the master,
    become the master."
    -Unknown

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    thks s0nIc. I don't use tiny but was considering it. I guess they all have problems.
    Trappedagainbyperfectlogic.

  4. #4
    People! Wake Up. Tiny gave up on their products already. Instead, jump to the well-known Sygate Personal Firewall Pro or Kerio Personal Firewall 2.1 b5.

  5. #5
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    hehehehe all firewalls have flaws even ZoneAlarm or BlackIce or Tiny..
    but yeah.. i'll juz bring in the LATEST flaw.. hahahha

    the good part about this vulnerability is that it's local.. so it can be handled easily..

    though.. it can be remote.. let's say server uses tiny.. intruder scans the network and initiates an alert dialogue.. The dialogue box requires the user to either permit or deny input. If the workstation is unattended, the local attacker could select permit and enter information to the firewall program, without the legitimate user of the service's knowledge.

    Potentially this issue could allow unauthorized users to modify the Personal Tiny Firewall settings. blah blah blah..

    well what if the intruder has access to Hyper Terminal and can emulate the Server desktop in his box.. that would be easy...
    considering Hyper Terminal is a legal software used by admins to remotely admin/configure their servers..

    so yeah.. theoretically it can be remote..
