Originally posted by Shoktek
Originally posted by NetStorm
I said they were scanning systems
I would really like your expert "network admin" opinion of how the government can just "scan systems". Please enlighten me. The most information you could get from the average Windows user by scanning their system would be OS version, open ports and the services they are running; you can't explore their hard drive unless you have explicit network permission given to you from the host computer. You can't remotely access a hard drive unless they are running some type of service like FTP or Telnet that allows remote hosts to log in to the system. It is ridiculous to even think that they can just scan hard drives.
[Edited on 5-2-2004 by Shoktek]
HTTP Parsing Vulnerabilities in Check Point Firewall-1
Original release date: February 05, 2004
Last revised: --
* Check Point Firewall-1 NG FCS
* Check Point Firewall-1 NG FP1
* Check Point Firewall-1 NG FP2
* Check Point Firewall-1 NG FP3, HF2
* Check Point Firewall-1 NG with Application Intelligence R54
* Check Point Firewall-1 NG with Application Intelligence R55
Several versions of Check Point Firewall-1 contain a vulnerability that
allows remote attackers to execute arbitrary code with administrative
privileges. This allows the attacker to take control of the firewall
and, in some cases, of the server it runs on as well.
The Application Intelligence (AI) component of Check Point Firewall-1
is an application proxy that scans traffic for application layer
attacks once it has passed through the firewall at the network level.
Earlier versions of Firewall-1 include the HTTP Security Server, which
provides similar functionality.
Both the AI and HTTP Security Server features contain an HTTP parsing
vulnerability that is triggered by sending an invalid HTTP request
through the firewall. When Firewall-1 generates an error message in
response to the invalid request, a portion of the input supplied by the
attacker is included in the format string for a call to sprintf().
Researchers at Internet Security Systems have determined that it is
possible to exploit this format string vulnerability to execute
commands on the firewall. The researchers have also determined that
this vulnerability can be exploited as a heap overflow, which would
allow an attacker to execute arbitrary code. In either case, the
commands or code executed by the attacker would run with administrative
privileges, typically "SYSTEM" or "root". For more information, please
see the ISS advisory at:
The CERT/CC is tracking this issue as VU#790771. This reference number
corresponds to CVE candidate CAN-2004-0039.
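To make the bug class described above concrete, here is an added illustration in C. It is not Check Point's code and the exact error text is assumed; what it reproduces is the pattern the advisory describes: attacker-supplied request text is folded into an error message, and that message is then passed to sprintf() as the format argument rather than as a "%s" parameter. The safe variant beside it keeps the format string constant. A small scanner shows what a pre-check over the same input would flag, in particular "%n", the directive that writes to memory and turns a format string bug into code execution.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define ERR_MAX 256

/* Vulnerable pattern (constructed illustration, not Check Point's code):
   the rejected request line is first folded into the error text, and that
   text is then used as the FORMAT argument of a second sprintf-family call.
   Every '%' the attacker sent is now a directive for the C library to act on.
   The pragmas only silence the compiler warning that would normally catch this. */
int build_error_vulnerable(const char *request_line, char *out, size_t outlen)
{
    char msg[ERR_MAX];
    snprintf(msg, sizeof msg, "Invalid HTTP request: %s\n", request_line);
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    return snprintf(out, outlen, msg);      /* attacker text IS the format */
#pragma GCC diagnostic pop
}

/* Hardened form: the format is a compile-time constant and the request line
   is only ever a "%s" argument, so its '%' characters are copied literally. */
int build_error_safe(const char *request_line, char *out, size_t outlen)
{
    return snprintf(out, outlen, "Invalid HTTP request: %s\n", request_line);
}

/* Pre-check over attacker-controlled text: count the conversion directives
   sprintf would interpret if this text became a format string, and flag "%n",
   which writes the number of bytes emitted so far to a pointer argument.
   "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s, bool *has_write_directive)
{
    int count = 0;
    *has_write_directive = false;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* escaped percent, skip both */
            p++;
            continue;
        }
        count++;
        p++;                        /* skip flags, width, precision, length */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))
            p++;
        if (*p == 'n')
            *has_write_directive = true;
        if (!*p)
            break;                  /* lone '%' at end of input */
    }
    return count;
}

int main(void)
{
    /* Constructed request line: the doubled percent survives only in the
       safe builder; the vulnerable one consumes it as a directive. */
    const char *req = "GET /100%%sure HTTP/1.0";
    char out[ERR_MAX];
    bool writes;

    build_error_vulnerable(req, out, sizeof out);
    printf("vulnerable: %s", out);
    build_error_safe(req, out, sizeof out);
    printf("safe:       %s", out);

    int n = count_format_directives("GET /%x%x%n HTTP/1.0", &writes);
    printf("directives in \"GET /%%x%%x%%n HTTP/1.0\": %d (writes memory: %s)\n",
           n, writes ? "yes" : "no");
    return 0;
}
```

The "%%" input is used deliberately because its behaviour is fully defined either way: the vulnerable builder collapses it to a single "%", proving the request text was interpreted as a format, while the safe builder reproduces it unchanged. Inputs such as "%x" or "%n" would read or write through missing arguments, which is the undefined behaviour the advisory describes being exploited; the scanner flags them without executing them. Compiling with -Wformat-security (and treating it as an error) is the cheap way to catch this pattern in a code base before an attacker does.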
This vulnerability allows remote attackers to execute arbitrary code on
affected firewalls with administrative privileges, typically "SYSTEM"
or "root". Failed attempts to exploit this vulnerability may cause the
firewall to crash.
Apply the patch from Check Point
Check Point has published a "Firewall-1 HTTP Security Server Update"
that modifies the error return strings used when an invalid HTTP
request is detected. For more information, please see the Check Point
This update prevents attackers from using several known error strings
to exploit this vulnerability. It is unclear at this time whether there
are other attack vectors that may still allow exploitation of the
underlying software defect.