Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Serious vulnerability in Check Point Firewall-1 - 02/09/04

Feb 9, 2004 3:52AM PST

Madrid, February 9 2004 - US-CERT has reported -at
http://www.us-cert.gov/cas/techalerts/TA04-036A.html - a serious security problem affecting several versions of Check Point Firewall-1.

According to the US-CERT alert, this security flaw could allow commands to be run on the firewall with administrator privileges. It could also be
exploited to launch a Denial of Service (DoS) attack on the affected firewalls (listed below):

- Check Point Firewall-1 NG FCS
- Check Point Firewall-1 NG FP1
- Check Point Firewall-1 NG FP2
- Check Point Firewall-1 NG FP3, HF2
- Check Point Firewall-1 NG with Application Intelligence R54
- Check Point Firewall-1 NG with Application Intelligence R55

The vulnerability lies in the Application Intelligence (AI) component of Check Point Firewall-1: a proxy that analyzes traffic to detect application level attacks, and in HTTP Security Server, the component with similar
functions in earlier versions. The problem is caused when AI or HTTP Security Server scan HTTP traffic, and can be exploited by an attacker through a specially crafted invalid HTTP request. When the firewall receives the request, it generates an error message which could cause the buffer overflow.

Check Point has released -at
http://www.checkpoint.com/techsupport/alerts/security_server.html - an update which corrects the vulnerability.

Discussion is locked