‘Having Fun with Sensor Appliance Proventia GX5108 and GX5008 Insecurities (Part One)’

Summary

Several security vulnerabilities have been found in ISS’s Proventia appliance, these vulnerabilities allow remote attackers to cause cross site scripting vulnerabilities in their user interface, cause the PHP scripts running on the server to include remote files as well as due to the usage of old OpenSSH (and in compatibility mode) to allow brute forcing of usernames and passwords with a timing attack.’

Credit:

‘The information has been provided by Alex Hernandez.
The original article can be found at: http://www.sybsecurity.com/hack-proventia-1.pdf


Details

Introduction:
Proventia Network IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) stops malicious Internet attacks before they impact your organization, the only effective way to preserve network availability, reduce the burden on your IT resources and prevent security breaches.

This document presents a couple of ideas for exploiting weaknesses in typical (local and remote) box configurations appliance, the second part will be related SITE PROTECTOR and administration vulnerabilities.

The paper is based on the bypassing of filtration of a common web application security hole known as XSS(Cross site scripting), RFI (Remote File Inclusion) and common attacks on services / ports.’

Categories: Reviews