Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)
From: Scott Walker Register (scott.register@us.checkpoint.com)Date: 09/20/01
- Previous message: Dave Ahmad: "Re: New vulnerability in IIS4.0/5.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Sep 2001 18:08:44 -0500 From: Scott Walker Register <scott.register@us.checkpoint.com> Subject: Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336) To: bugtraq@securityfocus.com Message-ID: <Chameleon.1000937936.walker@stinky>
Check Point response to FireWall-1 GUI Log Viewer Vulnerability
An issue exists in VPN-1/FireWall-1 Management Servers running on Windows NT or Windows 2000. A malicious administrator can exploit a buffer overflow condition in the GUI authentication code to potentially impair management station functionality or to execute code. Any attack must come from an IP address explicitly defined as an authorized GUI client. Only management stations running Windows NT or Windows 2000 are affected.
More information is available at http://www.checkpoint.com/techsupport/alerts/
Hotfixes are available for immediate download at http://www.checkpoint.com/techsupport/index.html.
This advisory was brought to our attention on September 3rd, 2001 by the "QinetiQ SHC" Security Research Team.
----------------------------------------------------------------
Scott.Register@us.CheckPoint.com || FireWall-1 Product Manager
Check Point Software Technologies, Inc.
2255 Glades Road / Suite 324A \ Boca Raton, FL 33431
Voice: 561.989.5418 | Fax: 561.997.5421 | 09/19/01 18:08:44
----------------------------------------------------------------
- Previous message: Dave Ahmad: "Re: New vulnerability in IIS4.0/5.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
