TITLE: Symantec Firewall Products Internal IP Addresses Disclosure SECUNIA ADVISORY ID: SA20082
VERIFY ADVISORY: http://secunia.com/advisories/20082/ CRITICAL: Not critical IMPACT: Exposure of system information WHERE: >From remote OPERATING SYSTEM: Symantec Gateway Security 5000 Series 3.x http://secunia.com/product/6648/ Symantec Gateway Security 5000 Series 2.x http://secunia.com/product/9881/ SOFTWARE: Symantec Enterprise Firewall (SEF) 8.x http://secunia.com/product/3587/ DESCRIPTION: A weakness has been reported in Symantec Firewall products, which can be exploited by malicious people to disclose certain system information. The weakness is caused due to an error when generating responses to certain HTTP requests. This can be exploited to cause the firewall to reveal internal IP addresses that are normally hidden by the use of Network Address Translation (NAT). The weakness has been reported in the following products: * Symantec Gateway Security 5000 Series (versions 2.0.1 and 3.0). * Symantec Enterprise Firewall 8.0. SOLUTION: Apply product updates. http://www.symantec.com/techsupp/enterprise/select_product_updates.html ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
