Bugtraq mailing list archives
Re: CheckPoint FW1 BUG
From: sinster () DARKWATER COM (Jon Paul, Nollmann)
Date: Mon, 17 Jul 2000 15:39:58 -0700
Sprach Hugo.van.der.Kooij () CAIW NL:
> FW-1 does not use RPC itself at all. I've seen a couple of dozen installations of FW-1 on just about any platform (besides Linux at present ;-) and know it runs on very bare systems.
Please. You answered your own question: you don't know FW-1 on NT. It is very feasible that FW-1 would use RPC on an NT box. For instance: MS OLE is dependent on RPC. So if FW-1 uses OLE, it's dependent on RPC. Does it support drag-and-drop? Then it probably uses OLE.

I don't know FW-1 on NT either, but I've done a lot more debugging under NT than I care to admit, and I've stumbled over a large number of these undocumented (or poorly documented) gotchas on NT that reach up and bite the unwary programmer. A naive port of a *NIX application to NT will bring in all sorts of unintended dependencies that may very well be wholly inappropriate. Hell, a naive implementation of a new program under NT will do the same. The thought that Checkpoint's translation of FW-1 over to NT has caused it to become dependent on RPC without having a single call to any RPC routine in their code is entirely credible to me. I'm sure that's just the tip of the set of unintended dependencies that it has.

The only reason I was able to find out about this OLE/RPC dependency is through sheer luck (I dunno if it's bad luck or good luck). I had written a program for a client. One of their clients was encountering a bug with my program. I and my client couldn't reproduce the bug. The client flew a machine out, and on that machine we could reproduce the bug. Examining the machine's configuration, we were able to build another machine where we could also reproduce the bug. After much effort, we found sockets leaking from Microsoft's OLE library. My client's pitiful little GOLD support contract wasn't sufficient for Microsoft to do anything about it. They (Microsoft) strongly asserted that it was our bug. Only through the channels opened by my client's client's superior support contract (would you call that a "platinum" contract or something?) was Microsoft willing to acknowledge the bug and offer a workaround. The workaround was to tweak the RPC controls in the registry. I expressed surprise at this, and Microsoft explained that their OLE library is built on RPC. Sure enough, when we made the tweak, the bug disappeared.

So, unless Checkpoint has this mythical platinum support contract, they probably don't know about this bug. And I'm sure there are other problems as well.

--
Jon Paul Nollmann ne' Darren Senn    sinster () balltech net
Unsolicited commercial email will be archived at $1/byte/day.
Congratulations FBI men: Hoover would be proud of you