COMMAND

    Sybergen Secure Desktop

SYSTEMS AFFECTED

    Sybergen Secure Desktop

PROBLEM

    Following is based on Infosec Security Vulnerability Report.
    There are two problems:

    Problem 1:  Sybergen Secure Desktop does not protect against false
                router  advertisements.   An  attacker  can  add false
                default gateway entries to a Windows98 routing  table,
                even when protected by Sybergen Secure Desktop.

    Problem 2:  Sybergen Secure Desktop  dies when a  user clears  the
                routing table from default  gateway entries.  An  user
                can  accidently  kill  the  Sybergen  Secure   Desktop
                personal firewall.

    These  was  tested  on  Sybergen  Secure  Desktop 2.1 build 455 on
    Windows98.

    The first vulnerability is  that Sybergen Secure Desktop  does not
    protect against false  router advertisements, ICMP  type 9.   This
    means that an  attacker can add  new default route  entries to the
    victim's routing table (that in turn is a known vulnerability  for
    Windows98,  see  L0pht  Security  Advisory  August 11, 1999).  The
    vulnerability is present even when Sybergen Secure Desktop is  set
    to ultra-high security level.

    The second vulnerability occurs when the routing table is full  of
    bogus entries and the user  clears it from default routes  (ms-dos
    "route -f").  Then the firewall completely and quietly dies.   The
    user has to restart the  computer to make Sybergen Secure  Desktop
    work again.

SOLUTION

    Currently there is no patch that corrects this problem.