[NEWS] CheckPoint FireWall-1 GUI Buffer Overflow

From: support@securiteam.com
Date: 09/22/01 

From: support@securiteam.com
To: list@securiteam.com
Subject: [NEWS] CheckPoint FireWall-1 GUI Buffer Overflow
Message-Id: <20010922090939.976DE138C1@mail.der-keiler.de>
Date: Sat, 22 Sep 2001 11:09:39 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  CheckPoint FireWall-1 GUI Buffer Overflow
------------------------------------------------------------------------

SUMMARY

An issue exists in VPN-1/FireWall-1 Management Server running on Windows
NT or Windows 2000. A malicious administrator can exploit a buffer
overflow condition in the GUI authentication code to potentially impair
management station functionality or to execute code. Any attack must come
from an IP address explicitly defined as an authorized GUI client. Only
management stations running Windows NT or Windows 2000 are affected. This
includes any standalone VPN-1/FireWall-1 Gateways (with Management Server
and enforcement points installed on the same machine), but does not
include module-only (enforcement point) installations.

This issue affects VPN-1/FireWall-1 4.0, 4.1, and Next Generation systems.
Hotfixes for VPN-1/FireWall-1 4.0 SP8, 4.1 SP4, 4.1 SP5, and Next
Generation Hotfix-2 are available for immediate download at
<http://www.checkpoint.com/techsupport/index.html>
http://www.checkpoint.com/techsupport/index.html.

DETAILS

Solution:
Apply the relevant GUI Buffer Overflow Hotfix to the management station.

Who is affected:
All installations of VPN-1/FireWall-1 with Management Servers running on
Windows NT or Windows 2000.

Immediate workaround:
Allow GUI connections only from trusted hosts.

Changes made in the hotfix:
The buffer checking on the Management Server has been improved.

Download information:
The GUI Buffer Overflow Hotfix is available for immediate download at the
Software Subscription Download Site for the following versions:

 * VPN-1/FireWall-1 4.0 SP8
 * VPN-1/FireWall-1 4.1 SP4
 * VPN-1/FireWall-1 4.1 SP5
 * VPN-1/FireWall-1 NG HF2

NOTE: Management Servers with versions older than those listed above must
be first upgraded and then have the GUI Buffer Overflow Hotfix applied.

ADDITIONAL INFORMATION

The information has been provided by
<mailto:Scott.Register@us.CheckPoint.com> Scott Register.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.