08-31-2004, 11:12 PM #1 DetailHost Guest
HTTP Parsing Vulnerabilities in Check Point Firewall-1
This is old news, but I thought it may be useful for WHC members.
A complete revision history can be found at the end of this file.
Check Point Firewall-1 NG FCS
Check Point Firewall-1 NG FP1
Check Point Firewall-1 NG FP2
Check Point Firewall-1 NG FP3, HF2
Check Point Firewall-1 NG with Application Intelligence R54
Check Point Firewall-1 NG with Application Intelligence R55
Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. This allows the attacker to take control of the firewall, and in some cases, to also control the server it runs on.
The Application Intelligence (AI) component of Check Point Firewall-1 is an application proxy that scans traffic for application layer attacks once it has passed through the firewall at the network level. Earlier versions of Firewall-1 include the HTTP Security Server, which provides similar functionality.
Both the AI and HTTP Security Server features contain an HTTP parsing vulnerability that is triggered by sending an invalid HTTP request through the firewall. When Firewall-1 generates an error message in response to the invalid request, a portion of the input supplied by the attacker is included in the format string for a call to sprintf().
Researchers at Internet Security Systems have determined that it is possible to exploit this format string vulnerability to execute commands on the firewall. The researchers have also determined that this vulnerability can be exploited as a heap overflow, which would allow an attacker to execute arbitrary code. In either case, the commands or code executed by the attacker would run with administrative privileges, typically "SYSTEM" or "root". For more information, please see the ISS advisory at:
The CERT/CC is tracking this issue as VU#790771. This reference number corresponds to CVE candidate CAN-2004-0039.
This vulnerability allows remote attackers to execute arbitrary code on affected firewalls with administrative privileges, typically "SYSTEM" or "root". Failed attempts to exploit this vulnerability may cause the firewall to crash.
This document was written by Jeffrey P. Lanza.
This document is available from: http://www.us-cert.gov/cas/techalerts/TA04-036A.html
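The flaw class the advisory describes (request data ending up inside the format string of an error message), shown beside a hardened form. This is an added example, not part of the original post and not Check Point code; the function names, message text and sample request are assumptions, and the input uses only the harmless `%%` sequence to show that the flawed path interprets request data as format text.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical error-message builders (names and message text are
 * assumptions for illustration, not taken from Firewall-1). */

/* Flawed pattern: the request is pasted into a string that is then
 * passed as the FORMAT argument, so any '%' sequence in the request
 * is interpreted by the formatter instead of being copied as data. */
int build_error_flawed(char *out, size_t outlen, const char *request)
{
    char fmt[256];
    snprintf(fmt, sizeof fmt, "Invalid request: %s", request);
    return snprintf(out, outlen, fmt);   /* request text is now format text */
}

/* Hardened pattern: the format string is a constant, the request is
 * passed only as an argument, the write is bounded, and truncation is
 * reported to the caller. Returns 0 on success, -1 on error/truncation. */
int build_error_safe(char *out, size_t outlen, const char *request)
{
    int n = snprintf(out, outlen, "Invalid request: %s", request);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample input: "%%" is the benign "literal percent"
     * directive, enough to show whether the input gets parsed. */
    const char *request = "GET /a%%b";
    char flawed[128], safe[128];

    build_error_flawed(flawed, sizeof flawed, request);
    build_error_safe(safe, sizeof safe, request);

    printf("flawed: %s\n", flawed);  /* "%%" collapsed: input was parsed */
    printf("safe:   %s\n", safe);    /* "%%" preserved: input was data   */
    return 0;
}
```

Compilers flag the flawed call with `-Wformat-security`; building with that warning promoted to an error catches this pattern before it ships.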
09-01-2004, 03:39 PM #2 kirukkan Guest
Very good article, but it is a bit old.
09-01-2004, 04:07 PM #3
Moved to security issues forum.