Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

CERT warns firewall leaves open door to attackers

From: InfoSec News <isn () c4i org>
Date: Tue, 10 Jul 2001 03:54:48 -0500 (CDT)
http://it.mycareer.com.au/breaking/2001/07/10/FFX85T3KYOC.html

Tuesday 10 July, 2001 09:46 GMT+10:00
By BARRY PARK, FAIRFAX IT

A United States-based network security watchdog has warned of a
security hole in firewall software that will give an attacker access
to the system and could lead to a denial of service attack.

An advisory from CERT overnight said Check Point VPN1 and FireWall1
Version 4.1 software contained a vulnerability that may allow an
intruder to pass traffic through the firewall on port 259/UDP.

The advisory said FireWall1 and VPN1 do not provide adequate security
controls for RDP (reliable data protocol), a protocol designed to
provide a reliable data transport service for packetbased applications
such as remote loading and debugging, and supported by the firewall
software.

The company that discovered the security hole, Inside Security GmbH
said an attacker could add a faked RDP header to normal UDP traffic,
allowing any content to be passed to port 259 on any remote host on
either side of the firewall.

"Although the CERT/CC has not seen any incident activity related to
this vulnerability, we do recommend that all affected sites upgrade
their Check Point software as soon as possible," the advisory from
CERT says.

"If an intruder can gain control of a host inside the firewall, he may
be able to use this vulnerability to tunnel arbitrary traffic across
the firewall boundary.
  
"Additionally, even if an intruder does not have control of a host
inside the firewall, he may be able to use this vulnerability as a
means of exploiting another vulnerability in software listening
passively on the internal network," it says.

CERT said an intruder may be able to use this vulnerability to launch
certain kinds of denialofservice attacks.

The advisory recommends that routers be configured to block access to
port 259/UDP until a patch is applied from
http://www.checkpoint.com/techsupport/downloads



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.
Previous By Date Next
Previous By Thread Next

Current thread: