Bugtraq mailing list archives
Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
From: Rizan Sheikh Mohd <sheikhrizan () rocketmail com>
Date: 24 Mar 2003 01:25:36 -0000
In-Reply-To: <1779CE9992706F45BDC9575124A5AAE50122188A () a0001-xpo0114-s hodc ad allstate com> Not exactly cause I have CPK FW-1 NG FP2 Build 52163. The logging server & management are separated. It seems that syslog is running on port 514udp: $ ps -aef | grep syslog root 7239 7231 0 Mar23 ? 00:00:01 syslog 514 all Maybe the wording Checkpoint used on their web site. "Prior to the release of NG FP3 HF2......." really does include ALL releases before FP3 Rizan
Received: (qmail 16221 invoked from network); 21 Mar 2003 23:10:48 -0000 Received: from outgoing2.securityfocus.com (HELO
outgoing.securityfocus.com) (205.206.231.26)
by mail.securityfocus.com with SMTP; 21 Mar 2003 23:10:48 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing.securityfocus.com (Postfix) with QMQP id 337008F31B; Fri, 21 Mar 2003 16:10:34 -0700 (MST) Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq () securityfocus com> List-Help: <mailto:bugtraq-help () securityfocus com> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com> Delivered-To: mailing list bugtraq () securityfocus com Delivered-To: moderator for bugtraq () securityfocus com Received: (qmail 1533 invoked from network); 21 Mar 2003 18:47:50 -0000 Message-ID: <1779CE9992706F45BDC9575124A5AAE50122188A@a0001-xpo0114-
s.hodc.ad.allstate.com>
From: "Hines, Eric" <ehin4 () allstate com> To: dchesterfield () bankofny com Subject: RE: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible Date: Fri, 21 Mar 2003 12:59:20 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) content-class: urn:content-classes:message Content-Type: text/plain; charset="iso-8859-1" Alright. I was just concerned because of the wording Checkpoint used on their web site. "Prior to the release of NG FP3 HF2......." I'm going to assume they were referring to the HF2 portion of that, and
not
< FP3 Eric Hines -----Original Message----- From: dchesterfield () bankofny com [mailto:dchesterfield () bankofny com] Sent: Friday, March 21, 2003 12:53 PM To: Hines, Eric Cc: Maillist Bugtraq; Dr. Peter Bieringer Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible The daemon was apparently only introduced since FP3 "Hines, Eric" <ehin4@allstate.c To: "Dr. Peter Bieringer" <pbieringer () aerasec de>, Maillist Bugtraq om>
<bugtraq () securityfocus com>
cc: 21/03/2003 06:31 Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon pm possible Has anyone tested these vulnerabilities on NG FP1 or are they strictly related to FP3? Eric Hines -----Original Message----- From: Dr. Peter Bieringer [mailto:pbieringer () aerasec de] Sent: Friday, March 21, 2003 6:47 AM To: Maillist Bugtraq; Maillist full-disclosure Subject: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible Hi all, interesting for all Check Point FW-1 NG users which have enabled the since FP3 included syslog daemon.
Current thread:
- Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible Rizan Sheikh Mohd (Mar 25)