Skip to page contents

---

International (change)  Extranet |

---

---

Products    Training    Support    Downloads    Partners Contact | About us | Press & Media | Investor Relations

---

Support Offering | Security Advisories | Technical Product Documentation | Request Support | Product Life-cycle | License Center | Downloads | Contact Information |

---

• MAPP

---

---

Stonesoft Corporation Security Advisory

Date:   3 Dec, 2009
Title:  StoneGate SSL VPN Breaks Browser Domain-Based Security Model
Refs:   CVE-2009-2631, CERT VU#261869

Severity: Medium

1. Overview

US-CERT published a vulnerability note on 30th Nov 2009 that warns how the various SSL VPN products break the browser's domain-based security model. If the attackers can get control of any of the sites used through the SSL VPN, they may potentially bypass the authentication or launch other web-based attacks against other sites behind the same SSL VPN portal.

Stonesoft StoneGate SSL VPN engine is affected as stated below.

2. StoneGate SSL VPN

All StoneGate SSL VPN engine versions are vulnerable. The vulnerability lies in the architecture of the SSL VPN solution. As a result of the vulnerability, all resources under a single SSL VPN domain may potentially steal or modify each other's active web content such as web cookies.

Recommended Actions:

StoneGate SSL VPN administrators should deploy only trusted resources to the SSL VPN portal. Resources with significantly different security zones, such as resources hosted by different companies, should be deployed using Pooled DNS Mapping or Reserved DNS Mapping.

Untrusted resources should not be deployed to the SSL VPN portal at all. If these type of resources are needed, they should be deployed as External Sites so that the SSL VPN portal gives a direct link to the resource, instead of making the client to route the traffic to the resource through the SSL VPN portal.

Please consult the StoneGate SSL VPN Administrator's Guide for further information about deploying the Pooled DNS Mapping, Reserved DNS Mapping or defining External Sites.

3. Appendices

Stonesoft Security Analysis Group's PGP key is available at: http://www.stonesoft.com/system/galleries/download/other_files/Stonesoft-Security-Alert.asc

To report or to inquire about a security problem with Stonesoft software, please contact one or more of the following:

Stonesoft Support

Stonesoft Security Analysis Group:
security-alert(AT)stonesoft.com


The information contained in this advisory is provided on an as-is basis. Stonesoft does not make any warranties of any kind with respect to the information contained in this advisory. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES ARE HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.

IN NO EVENT WILL STONESOFT CORPORATION BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN THIS ADVISORY.

If any of the above provisions are held to be in violation of applicable law, void, or unenforceable in any jurisdiction, then such provisions are waived to the extent necessary for this disclaimer to be otherwise enforceable in such jurisdiction.

Copyright 2009 Stonesoft Corporation. All rights reserved.

Stonesoft, StoneGate and StoneBeat are trademarks or registered trademarks of Stonesoft Corporation in Finland and other countries. All other company and product names contained herein are property of their respective holders. This advisory may be reproduced and distributed only in its unaltered form and only for non-commercial purposes.

---