Bugtraq mailing list archives

Re: CheckPoint FW1 HTTP Security Hole


From: Greg Fraize <gfraize () genuity com>
Date: 21 Feb 2002 04:32:07 -0000


In-Reply-To: <3C7269B2.2090005 () discon de>

Did you do this testing on a SUN, NT, or Nokia platform?

I have SP5 installed on a Nokia 740, and I could not reproduce this exact issue.

My rule is defined to be:
Src: any
Dst: 1.1.1.1
Service: http-security server (with tunnel enabled and the host field set to *:*)

I then did a telnet to 1.1.1.1 80 and typed

CONNECT 1.1.1.1:25 / HTTP/1.0

and I was able to connect to port 25 of the host in question.

I used the same rule and did the connect command of

CONNECT 1.1.1.2:25 / HTTP/1.0
and I was not able to connect to 1.1.1.2 on port 25.
The FW rule base stopped me.

I ran the same test on CP 4.1 SP4 on a Sun platform and received the same results.

-Greg
(please reply to gfraize () genuity com)
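
The rule in the message above sets the tunnel host field to `*:*`, which places no limit on the destination port of a CONNECT request. As an added example (not part of the original post and not Check Point code), the following sketch evaluates CONNECT request lines against a tunnel allowlist; the `host-glob:port-glob` entry format and the `RESTRICTED` policy are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Hypothetical policy format "host-glob:port-glob" (an assumption, not
# Check Point's documented matching semantics).
WIDE_OPEN = ["*:*"]      # the host field setting described in the post
RESTRICTED = ["*:443"]   # constructed tighter alternative


def parse_connect(request_line):
    """Return (host, port) from a CONNECT request line, or None if malformed.

    Accepts 'CONNECT host:port HTTP/1.0' and the form typed in the post,
    'CONNECT host:port / HTTP/1.0' (with an extra '/' token).
    """
    parts = request_line.strip().split()
    if len(parts) < 3 or parts[0].upper() != "CONNECT":
        return None
    if not parts[-1].upper().startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return None
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        return None
    return host.lower(), port_num


def tunnel_allowed(request_line, policy):
    """True only if the request parses and matches an allowlist entry."""
    target = parse_connect(request_line)
    if target is None:
        return False  # fail closed on anything unparseable
    host, port = target
    for entry in policy:
        host_glob, _, port_glob = entry.rpartition(":")
        if fnmatchcase(host, host_glob.lower()) and fnmatchcase(str(port), port_glob):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample lines modelled on the requests in the post.
    for line in ("CONNECT 1.1.1.1:25 / HTTP/1.0", "CONNECT 1.1.1.1:443 HTTP/1.0"):
        print(line, tunnel_allowed(line, WIDE_OPEN), tunnel_allowed(line, RESTRICTED))
```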

