发布时间 :2004-09-28 00:00:00
修订时间 :2017-07-10 21:30:17

[原文]Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before authentication, which could allow remote attackers to bypass filtering rules.

[CNNVD]Sygate Enforcer未授权广播漏洞(CNNVD-200409-079)

        Sygate Enforcers是一款包过滤防火墙设备。
        Sygate Enforcers不正确限制广播通信,远程攻击者可以利用这个漏洞攻击受防火墙保护的主机。
        默认配置下,Sygate Enforcers允许所有广播通信在没有验证之前通过防火墙设备,因此会导致保护主机被恶意攻击。目前没有详细漏洞细节提供。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20040810 Corsaire Security Advisory - Sygate Enforcer unauthenticated broadcast issue
(UNKNOWN)  XF  sygate-enforcer-filter-bypass(16948)

- 漏洞信息

Sygate Enforcer未授权广播漏洞
高危 设计错误
2004-09-28 00:00:00 2006-08-24 00:00:00
        Sygate Enforcers是一款包过滤防火墙设备。
        Sygate Enforcers不正确限制广播通信,远程攻击者可以利用这个漏洞攻击受防火墙保护的主机。
        默认配置下,Sygate Enforcers允许所有广播通信在没有验证之前通过防火墙设备,因此会导致保护主机被恶意攻击。目前没有详细漏洞细节提供。

- 公告与补丁

        建议用户升级Sygate Enforcer产品:

- 漏洞信息 (F34010)

Corsaire Security Advisory 2003-11-20.3 (PacketStormID:F34010)
2004-08-11 00:00:00
Martin O'Neal,Corsaire

Corsaire Security Advisory - Sygate Enforcer releases prior to 3.5MR1 allow unauthenticated broadcast traffic to pass through.

-- Corsaire Security Advisory --

Title: Sygate Enforcer unauthenticated broadcast issue
Date: 20.11.03
Application: Sygate Enforcer prior to 3.5MR1
Environment: Windows NT, 2000, 2003
Author: Martin O'Neal []
Audience: General distribution
Reference: c031120-003

-- Scope --

The aim of this document is to clearly define an issue that exists with 
the Sygate Enforcer product [1] that will allow a remote attacker to 
pass broadcast traffic through the Enforcer prior to authentication. 

-- History --

Discovered: 20.11.03 (Martin O'Neal)
Vendor notified: 14.01.04
Document released: 10.8.04

-- Overview --

Sygate Enforcers are described as [2] "network gateway devices that 
enforce host integrity at network access points". Architecturally they 
function as an authenticated, packet-filtering firewall device. The 
Enforcer interacts with the Sygate Security Agent (SAA [the personal 
firewall component]) product and limits access to protected 
networks/hosts to authenticated clients that comply with a predefined 

In practise, the Enforcer does not limit broadcast traffic (both local-
net and all-nets) from passing through prior to authentication, allowing 
hosts that are protected by the Enforcer to still be attacked.

-- Recommendations --

The Enforcer product should be upgraded to a version that is not 
susceptible to this issue.

If it is not possible to upgrade promptly, then it may be feasible to 
protect hosts that are not local to the Enforcer by reconfiguring router 
devices to not propagate broadcasts.

-- Background --

This issue was discovered using a custom protocol analysis tool 
developed by Corsaire's security assessment team. This tool is not 
available publicly, but is an example of the specialist approach used by 
Corsaire's consultants as part of a commercial security assessment. To 
find out more about the cutting edge services provided by Corsaire 
simply visit our web site at

-- CVE --

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CAN-2004-0593 to this issue. This is a candidate for
inclusion in the CVE list (, which standardises
names for security problems.

-- References --


-- Revision --

a. Initial release.

-- Distribution --

This security advisory may be freely distributed, provided that it 
remains unaltered and in its original form. 

-- Disclaimer --

The information contained within this advisory is supplied "as-is" with 
no warranties or guarantees of fitness of use or otherwise. Corsaire 
accepts no responsibility for any damage caused by the use or misuse of 
this information.

-- About Corsaire --

Corsaire are a leading information security consultancy, founded in 1997 
in Guildford, Surrey, UK. Corsaire bring innovation, integrity and 
analytical rigour to every job, which means fast and dramatic security 
performance improvements. Our services centre on the delivery of 
information security planning, assessment, implementation, management 
and vulnerability research. 

A free guide to selecting a security assessment supplier is available at 

Copyright 2004 Corsaire Limited. All rights reserved. 


- 漏洞信息

Sygate Enforcer Broadcast Traffic Filter Bypass
Remote / Network Access Infrastructure
Impact Unknown
Exploit Public

- 漏洞描述

Sygate Enforcer contains a flaw that may allow a malicious user to bypass authentication and pass broadcast traffic onto hosts. The issue is triggered when a malicious user sends broadcast traffic destined for a host protected by Sygate Enforcer. Sygate Enforcer does not limit and/or stop broadcast traffic prior to authentication. It is possible that the flaw may allow the remote attacker to send malicious broadcast traffic to the protected machine resulting in a loss of availability.

- 时间线

2004-08-10 2003-11-20
2004-08-10 Unknow

- 解决方案

Upgrade to version 3.5MR1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Sygate Secure Enterprise Enforcer Unauthenticated Broadcast Request Bypass Vulnerability
Design Error 10908
Yes No
2004-08-10 12:00:00 2009-07-12 06:16:00
Discovery is credited to Corsaire <>.

- 受影响的程序版本

Sygate Secure Enterprise 3.5
Sygate Secure Enterprise 3.0
Sygate Secure Enterprise 4.0
Sygate Secure Enterprise 3.5 MR3
Sygate Secure Enterprise 3.5 MR1

- 不受影响的程序版本

Sygate Secure Enterprise 4.0
Sygate Secure Enterprise 3.5 MR3
Sygate Secure Enterprise 3.5 MR1

- 漏洞讨论

It is reported that the Enforcer component of Secure Enterprise is prone to a vulnerability that may allow unauthenticated broadcast traffic to bypass filtering and reach computers in the internal network.

Sygate Enforcer versions prior to 3.5MR1 are reported prone to this issue.

- 漏洞利用

No exploit is required.

- 解决方案

It is reported that Sygate Secure Enterprise versions 3.5MR1 and subsequent are not affected by this issue. This information has not been confirmed at the moment.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 相关参考