Bugtraq mailing list archives
SecureXpert Advisory [SX-20000620-3]
From: sxdirect () SECUREXPERT COM (SecureXpert DIRECT Sender)
Date: Fri, 30 Jun 2000 16:21:59 -0400
FSC Internet Corp. / SecureXpert Labs SecureXpert Labs Advisory [SX-20000620-3] - Partial Denial of Service in Check Point Firewall-1 on Windows NT Summary The SMTP Security Server component of Check Point Firewall-1 4.0 and 4.1 is vulnerable to a simple network-based attack which raises the firewall load to 100%. Details Check Point Firewall-1 includes a component called the SMTP Security Server. This is an SMTP proxy, the use of which is required by several of Firewall-1's advanced SMTP email processing capabilities, including CVP-based virus scanning and URI filtering. The Check Point Firewall-1 SMTP Security Server in Firewall-1 4.0 and 4.1 on Windows NT is vulnerable to a simple network-based attack which can increase the firewall's CPU utilization to 100%. Sending a stream of binary zeros over the network to the SMTP port on the firewall raises the target system's load to 100% while the load on the attacker's system machine remains relatively low. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc firewall 25 < /dev/zero". This vulnerability could allow a very quick and easy distributed attack on Check Point Firewall-1. Status Check Point Software Technologies has been informed of this vulnerability, and has assigned it incident ID# TT44913. As of June 20, 2000 Check Point has stated that a fix for this vulnerability will NOT be included in Service Pack 2 (SP-2) for Check Point firewall-1 4.1, but it will "probably be included in SP-3". Credits Mike Murray, SecureXpert Labs Max Degtyar, SecureXpert Labs Richard Reiner, SecureXpert Labs About SecureXpert DIRECT SecureXpert DIRECT is an advance security advisory service provided by SecureXpert Labs. Subscriptions are free of charge and may be obtained online at http://www.securexpert.com/services.html.
Current thread:
- Re: ftpd: the advisory version, (continued)
- Re: ftpd: the advisory version Steven M. Bellovin (Jun 26)
- Re: ftpd: the advisory version Dan Harkless (Jun 27)
- Re: ftpd: the advisory version Teodor Cimpoesu (Jun 28)
- Re: ftpd: the advisory version Sebastian (Jun 28)
- Re: ftpd: the advisory version Kasatenko Ivan Alex. (Jun 29)
- Re: ftpd: the advisory version Barney Wolff (Jun 29)
- Re: ftpd: the advisory version Sebastian (Jun 29)
- (forw) Re: Netscape ftp Server (fwd) Elias Levy (Jun 29)
- Re: ftpd: the advisory version Juergen P. Meier (Jun 30)
- SecureXpert Advisory [SX-20000620-1] SecureXpert DIRECT Sender (Jun 30)
- SecureXpert Advisory [SX-20000620-3] SecureXpert DIRECT Sender (Jun 30)
- Re: ftpd: the advisory version Roger Espel Llima (Jun 28)
- Re: ftpd: the advisory version Kragen Sitaker (Jun 28)