MZL & Novatech TrafficStatistic Website
Home MZL
Webshop
Products
Webservice
Helpdesk
Feedback
About us
News
Submit News
MZL & Novatech Product and Service News
Traffic Statistics News Robot
Traffic Statistics Users Newsfeed
Open SNMP Backdoor Found ...
Search
MZL & Novatech TrafficStatistic Website
News - more news - submit news - XML
United States, 11/20/08:  (details)
Daniusoft Media Converter for free at Giveawayoftheday.com
USA, 11/19/08:  (details)
iOrgSoft Inc. Released The Best Video Converter-a versatile video editing and conversion software
New York, 11/07/08:  (details)
MelodyCan Convert wma, m4p, m4b, m4a, aac, mpeg, m4v, mp3 on 64 bit OS
USA, 11/06/08:  (details)
Wondershare Media Converter is not only a professional DRM remover, which can remove DRM from both protected music and video files, but also a powerful DRM Media Converter that supports nearly all the popular media formats.
gd/china, 11/06/08:  (details)
Brand-new Daniusoft DVD to iPod Converter

Channel: Traffic Statistics Users NewsfeedThis Traffic Statistic news channel is feeded by the Traffic Statistics Users, which can post news items or press releases in real time. If you want to provide a resource, just visit the trafficstatistic website at http://www.trafficstatistic.com/news/add_news_item.html. If you remark an abuse, please report it to abuse@trafficstatistic.com and our admin will delete the item.



Berlin/Germany, 09/24/04

Open SNMP Backdoor Found in Symantec Corporate Firewall and Gateway Products


What's the sense of installing a firewall, when the firewall itself installs a backdoor?

Symantec corporate firewall and gateway products using SNMP do not allow the administrator to specify the SNMP "community string", which means that they come with a default password, which can't be changed. Admins using such a firewall should upgrade the firmware.

Description:
Symantec Firewall/Gateway products contain a flaw that may allow a malicious user to read from and write to the devices configuration setting via SNMP. The issue is triggered because the Firewall/Gateway products use a standard default community string and do not allow the administrator to disable SNMP or change the community string. It is possible that the flaw may allow disclosure and modification of device settings resulting in a loss of integrity.

Vulnerability Classification:
* Remote/Network Access Required
* Information Disclosure Attack
* Misconfiguration Problem
* Loss Of Integrity
* Exploit Available
* Verified

Products:
* Symantec Corporation Firewall 100
* Symantec Corporation Firewall 200
* Symantec Corporation Firewall 200R
* Symantec Corporation Gateway 320
* Symantec Corporation Gateway 360
* Symantec Corporation Gateway 360R

Solution:
Upgrade to firmware version 1.63 or higher for Firewall/VPN products and firmware build 622 or later for Gateway products, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Link provided: http://www.osvdb.org/10206



Added by: Traffic Statistics Admin

Previous news item - - - Next news item
Impressum
© 2004-2005 MZL Billing Services & Novatech Ltd. All rights reserved.
 Sponsoring Mein Parteibuch