At 01:00 PM 11/16/2000 -0800, [EMAIL PROTECTED] wrote:
>Has anyone verified this vulnerability?? Hopefully these vulnerability
>alert type companies will at least verify the vulnerability before releasing
>it to the public.

It's a vulnerability in one sense but it's unlikely in the extreme that
anyone could exploit it. To exploit the vulnerability, you've got to pass a
carefully crafted display argument to x-gw. Fortunately, x-gw is usually
started up by other proxies (like the telnet proxy); that proxy parses the
display argument and won't let you pass that 'carefully crafted' display
argument.

OK, so how is this exploitable? Only if you use x-gw in some other manner,
AND if you've somehow lost all sense and are running x-gw setuid root. For
example, if you give me a user account on your firewall and setuid x-gw, I
can probably write an exploit.

In sum, no big deal, but since we can't guarantee that everyone in the
world runs their firewalls responsibly, there is a point to this advisory.

-Rick