Environment
Novell Access Management 3 SSLVPN Server
Situation
After a workstation connects to the SSLVPN server and downloads
the ActiveX controls in IE, a policy.txt file is created in the
user's directory (Windows) that contains the rules indicating what
traffic and ports can go over the VPN.
If a user makes this file read-only, disconnects, and then edits it manually before reconnecting, that user can reach any resources on the corporate LAN that would normally be prohibited. For example, changing the file to include
sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};
will give the user access to all web servers on the corporate LAN. No traffic access checking is done on the SSLVPN server: the policy is enforced only by the client, so the server forwards whatever the edited file permits.
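To make the effect of the edited rule concrete, the following added example (not code from the advisory or from Novell) parses sslize blocks in the format shown above and evaluates a connection against them the way a client-side enforcer would. The block grammar, the dotted-mask and prefix-length forms of the address fields, and the default-deny behaviour when no rule matches are assumptions inferred from the snippet; the sample policy text is constructed for the demonstration. The overbroad_rules helper is an added check that flags the kind of any-source, wide-destination rule the advisory describes, which is what an administrator would want to look for when the only copy of the policy lives on an untrusted workstation.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample mirroring the sslize block in the advisory. The grammar
# (one "key : value" per line inside "sslize { ... };") is assumed from that
# snippet; it is not Novell's documented format.
SAMPLE_POLICY = """
sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};
"""

@dataclass
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: int
    protocol: str
    action: str


def _parse_net(text: str) -> ipaddress.IPv4Network:
    """Accept "a.b.c.d / n" (prefix length) or "a.b.c.d/m.m.m.m" (dotted mask)."""
    text = text.replace(" ", "")
    if "/" in text:
        addr, mask = text.split("/", 1)
        if "." in mask:
            return ipaddress.IPv4Network((addr, mask), strict=False)
        return ipaddress.IPv4Network((addr, int(mask)), strict=False)
    return ipaddress.IPv4Network((text, 32), strict=False)


BLOCK_RE = re.compile(r"sslize\s*\{(.*?)\}\s*;", re.S)


def parse_policy(text: str) -> list:
    """Parse every sslize block in a policy.txt-style document into Rule objects."""
    rules = []
    for body in BLOCK_RE.findall(text):
        fields = {}
        for line in body.strip().splitlines():
            if ":" not in line:
                continue
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
        rules.append(Rule(
            src=_parse_net(fields["from"]),
            dst=_parse_net(fields["to"]),
            port=int(fields["port"]),
            protocol=fields["protocol"].lower(),
            action=fields["action"].lower(),
        ))
    return rules


def is_allowed(rules: list, src: str, dst: str, port: int, protocol: str) -> bool:
    """First matching rule wins; no match means deny (assumed default)."""
    src_ip = ipaddress.IPv4Address(src)
    dst_ip = ipaddress.IPv4Address(dst)
    for r in rules:
        if (src_ip in r.src and dst_ip in r.dst
                and r.port == port and r.protocol == protocol.lower()):
            return r.action == "allow"
    return False


def overbroad_rules(rules: list, max_dst_prefix: int = 16) -> list:
    """Flag allow rules with an any-source match and a destination wider than /max_dst_prefix."""
    return [r for r in rules
            if r.action == "allow" and r.src.prefixlen == 0
            and r.dst.prefixlen <= max_dst_prefix]


if __name__ == "__main__":
    rules = parse_policy(SAMPLE_POLICY)
    # Any workstation address now reaches any 10/8 host on tcp/80.
    print(is_allowed(rules, "192.168.1.5", "10.20.30.40", 80, "tcp"))
    print(is_allowed(rules, "192.168.1.5", "10.20.30.40", 443, "tcp"))
    for r in overbroad_rules(rules):
        print("over-broad rule:", r)
```

Because the server performs no check of its own, running this evaluator against the workstation's policy.txt tells you exactly what the client will tunnel; comparing that file against the policy the administrator intended to push is the only way to notice the edit until the fix is applied.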
Resolution
Apply nam3ir2.tar.gz from support.novell.com
Status
Security Alert
Additional Information
Thanks to Kai Ung from Rikshospitalet‑Radiumhospitalet Medical
Centre for finding and confirming fix.