Bugtraq mailing list archives
Fw: Firewall-1 remote SYSTEM shell buffer overflow
From: Scott Walker Register <scott.register () us checkpoint com>
Date: Fri, 30 Nov 2001 10:32:52 -0500
Check Point has investigated this issue and determined that this vulnerability has already been disclosed and corrected. For further information, please refer to http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html . Note that this issue is also fixed in VPN-1/FW-1 version NG, Feature Pack 1. -SwR ------------------------
From: Indigo <indig0 () talk21 com> Subject: Firewall-1 remote SYSTEM shell buffer overflow Date: 28 Nov 2001 20:08:14 -0000 To: bugtraq () securityfocus com Mailer: SecurityFocus As you can see I've got a few weeks free between jobs to write some overflows! Here's badboy.c the overflow for Checkpoint Firewall-1 NB The overflow only works if you launch the attack from a valid GUI client machine i.e. your IP address must be present in the target firewall's $FWDIR/conf/gui-clients file.
---------------End of Original Message-----------------
----------------------------------------------------------------
Scott.Register () us CheckPoint com || FireWall-1 Product Manager
Check Point Software Technologies, Inc.
2255 Glades Road / Suite 324A \ Boca Raton, FL 33431
Voice: 561.989.5418 | Fax: 561.997.5421 | 11/30/01 10:32:52
----------------------------------------------------------------
Current thread:
- Firewall-1 remote SYSTEM shell buffer overflow Indigo (Nov 28)
- Message not available
- Fw: Firewall-1 remote SYSTEM shell buffer overflow Scott Walker Register (Nov 30)
- Message not available
- <Possible follow-ups>
- Firewall-1 remote SYSTEM shell buffer overflow Indigo (Nov 29)