
Wednesday, February 24, 2016

[FD] GTA Firewall GB-OS v6.2.02 - Filter Bypass & Persistent Vulnerability

Document Title:
===============
GTA Firewall GB-OS v6.2.02 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://ift.tt/21fe5vG

Release Date:
=============
2016-02-24

Vulnerability Laboratory ID (VL-ID):
====================================
1713

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:
===============================
GB-OS 6.2 presents numerous enhancements and new features for GTA firewall UTM appliances. GB-OS updates include new country blocking configuration options, additional report types and graphs, threat management and high availability enhancements, certificate management additions, IPv6 updates, and abundant web interface upgrades. GB-OS 6.2 also provides 64-bit support for GB-2100 and GB-2500. GB-Ware includes both 64-bit and 32-bit support. Certificate management updates include the addition of PKCS#7 format, CRLs and the ability to revoke certificates. High Availability features improved slave and group updating for easier failover management utilizing multiple firewalls, and an increased VRID range. Threat management updates protect your network and resources with up-to-the-minute technology. The power of GTA's Mail Proxy is boosted with support for EHLO and ESIZE commands and the addition of a DNS white list. The Web Filtering subscription option includes new refined content categories, providing more granular web access control for employees. Web interface improvements include menu navigation modifications, country flags, updated monitoring and activity pages and updated configuration wizards. These modifications and new elements aid administrators in configuring and managing GB-OS powered firewalls. Configuration verification messages and log messages have also been updated for improved firewall administration.

(Copy of the Homepage: http://ift.tt/1QDmqUR )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered an application-side input validation web vulnerability in the official GTA Web Firewall appliance - GB OS v6.2.02.

Vulnerability Disclosure Timeline:
==================================
2016-02-04: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
2016-02-05: Vendor Notification (GTA Security Team)
2016-02-10: Vendor Response/Feedback (GTA Security Team)
2016-02-11: Vendor Fix/Patch #1 (GTA Developer Team)
2016-02-20: Security Acknowledgements (GTA Security Team)
2016-02-24: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Global Technology Associates Inc
Product: GTA Web Firewall - Web-Application (Appliance) GB-2500, GB-2100, GB-850, GB-300 & GB-Ware

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
An application-side input validation web vulnerability has been discovered in the official GTA Web Firewall appliance - GB OS v6.2.02. The vulnerability allows local attackers to inject their own malicious script code into the application-side context of the affected module.

The security vulnerability is located in the `Edit Packet Capture Filter` function of the `Monitor - Packet Capture - Monitor - Tools - Packet Capture` module. Remote attackers are able to inject script code into the description input field by adding a new packet capture filter in the web firewall interface. The injection point is the `Edit Packet Capture Filter - Description Input Field` and the execution point is the `Packet Capture` item listing. The attack vector is persistent (application-side) and the request method used to inject is POST.

The web firewall interface has its own validation procedure to filter bad input. The input validation of the description can be bypassed with a split-character injection: the attacker injects two payloads, the first is filtered and the second bypasses the validation.

The security risk of the application-side validation web vulnerability is estimated as medium with a CVSS (Common Vulnerability Scoring System) count of 3.0. Exploitation of the persistent input validation web vulnerability requires a privileged appliance web-application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious sources and persistent manipulation of affected or connected application modules.

Request Method(s):
[+] POST

Vulnerable Service(s):
[+] GB OS v6.2.02

Vulnerable Module(s):
[+] Packet Capture - [Monitor - Tools - Packet Capture]

Vulnerable Input(s):
[+] Edit Packet Capture Filter - [Description]

Vulnerable Parameter(s):
[+] description - listtextplain

Affected Module(s):
[+] Packet Capture Item Listing

Proof of Concept (PoC):
=======================
The application-side validation vulnerability and filter bypass can be exploited by local attackers with a privileged web-application user account and low user interaction. For security demonstration or to reproduce the security vulnerability, follow the provided information and steps below.

PoC: Packet Capture - [Monitor -> Tools -> Packet Capture]
...

Packet Capture item listing (rendered fragment of the PoC):

Index  Edit  Interface  Capture File  Packets Captured  Description
1            EXTERNAL
2            EXTERNAL                                    asdasd
3            EXTERNAL
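The advisory's core finding is that the description field is protected by an input filter that can be bypassed when two payloads are submitted and only the first is removed. The following Python is an added example, not code from the advisory or from GTA, illustrating that failure class and the fix a defender would apply: a hypothetical single-pass blacklist filter (`naive_filter`) that removes one occurrence of a forbidden token, beside an allowlist validator for the description (`validate_description`) and contextual HTML escaping at the rendering point (`render_row`), so that whatever reaches the item listing is displayed inertly. The column names mirror the listing above; the blocked token, the allowlist pattern and the 64-character limit are assumptions chosen for the demonstration.

```python
import html
import re

# Hypothetical weak validator: strips a single occurrence of one bad token.
# A second copy of the token, or one that only forms after the first is
# removed, survives this step (the "first filtered, second passes" pattern).
BLOCKED_TOKEN = "<script>"


def naive_filter(description: str) -> str:
    """Blacklist-style filter that removes only the first forbidden token."""
    return description.replace(BLOCKED_TOKEN, "", 1)


# Assumed allowlist for a packet-capture filter description: a bounded set of
# printable characters and a length cap. Markup characters are rejected outright
# instead of being stripped, so there is no partial-removal state to exploit.
DESCRIPTION_RE = re.compile(r"[A-Za-z0-9 ._:/-]{0,64}")


def validate_description(description: str) -> bool:
    """Return True only if the description matches the allowlist entirely."""
    return DESCRIPTION_RE.fullmatch(description) is not None


LISTING_COLUMNS = ("Index", "Edit", "Interface", "Capture File",
                   "Packets Captured", "Description")


def render_row(index: int, interface: str, description: str) -> str:
    """Render one listing row, HTML-escaping every stored field.

    Output encoding is applied regardless of what input validation did, so a
    value that slipped past the filter is still shown as text, not markup.
    """
    cells = (
        str(index),
        "",  # Edit column: link omitted in this example
        html.escape(interface, quote=True),
        "",  # Capture File
        "",  # Packets Captured
        html.escape(description, quote=True),
    )
    return "<tr>" + "".join("<td>%s</td>" % c for c in cells) + "</tr>"


def contains_active_markup(rendered: str) -> bool:
    """Crude check used by the demo: does a raw <script tag survive rendering?"""
    return "<script" in rendered.lower()


def demo() -> dict:
    """Run the three checks on constructed inputs and return the outcomes."""
    # Constructed input: two copies of the token, as the advisory describes.
    doubled = BLOCKED_TOKEN + BLOCKED_TOKEN + "x"
    after_naive = naive_filter(doubled)
    return {
        "naive_filter_output": after_naive,
        "naive_filter_leaks": contains_active_markup(after_naive),
        "allowlist_accepts_plain": validate_description("asdasd"),
        "allowlist_rejects_markup": not validate_description(doubled),
        "escaped_row": render_row(2, "EXTERNAL", after_naive),
        "escaped_row_leaks": contains_active_markup(
            render_row(2, "EXTERNAL", after_naive)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%s: %r" % (key, value))
```

The allowlist stops the stored value from ever containing markup, and the escaping at the listing makes the page safe even for values stored before the fix was deployed; relying on either alone repeats the weakness the advisory describes.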
