SecurityTracker.com
Category:   Application (Firewall)  >   FireWall-1/VPN-1
Vendors:   Check Point
Check Point FireWall-1/VPN-1 Management Server GUI Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Management Server
SecurityTracker Alert ID:  1002430
SecurityTracker URL:  http://securitytracker.com/id/1002430
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 20 2001
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): VPN-1/FireWall-1 4.0, 4.1, and Next Generation systems
Description:   Check Point reported a vulnerability in their FireWall-1/VPN-1 Management Server that allows a remote user to potentially execute arbitrary code on the management server.

It is reported that, if the Management Server is running on Windows NT or Windows 2000, a remote user can trigger a buffer overflow in the GUI authentication code to execute arbitrary code on the server. The remote user must be using an IP address explicitly defined as an authorized GUI client.

Standalone VPN-1/FireWall-1 Gateways (with Management Server and enforcement points installed on the same host) are vulnerable. Module-only (enforcement point) installations are reportedly not vulnerable.

Check Point credits "QinetiQ SHC" Security Research Team with discovery.

Impact:   A remote user originating from an approved IP address can trigger a buffer overflow to execute arbitrary code on the management server.
Solution:   Apply the relevant GUI Buffer Overflow Hotfix to the management station. Hotfixes for VPN-1/FireWall-1 4.0 SP8, 4.1 SP4, 4.1 SP5, and Next Generation Hotfix-2 are available at:

http://www.checkpoint.com/techsupport/index.html

Fixes are available for the following versions:

VPN-1/FireWall-1 4.0 SP8
VPN-1/FireWall-1 4.1 SP4
VPN-1/FireWall-1 4.1 SP5
VPN-1/FireWall-1 NG HF2

Older versions of the management server must be first upgraded and then have the GUI Buffer Overflow Hotfix applied.

Vendor URL:  www.checkpoint.com/techsupport/alerts/buffer_overflow.html
Cause:   Boundary error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Check Point FireWall-1 GUI Buffer Overflow


From: http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html

Check Point FireWall-1
GUI Buffer Overflow


September 19, 2001

Summary: 
An issue exists in VPN-1/FireWall-1 Management Server running on
Windows NT or Windows 2000. A malicious administrator can exploit a
buffer overflow condition in the GUI authentication code to potentially
impair management station functionality or to execute code. Any attack
must come from an IP address explicitly defined as an authorized GUI
client. Only management stations running Windows NT or Windows 2000 are
affected. This includes any standalone VPN-1/FireWall-1 Gateways (with
Management Server and enforcement points installed on the same
machine), but does not include module-only (enforcement point)
installations.

This issue affects VPN-1/FireWall-1 4.0, 4.1, and Next Generation
systems.
Hotfixes for VPN-1/FireWall-1 4.0 SP8, 4.1 SP4, 4.1 SP5, and Next
Generation Hotfix-2 are available for immediate download at
http://www.checkpoint.com/techsupport/index.html. 

Solution: 
Apply the relevant GUI Buffer Overflow Hotfix to the management station. 

Who is affected: 
All installations of VPN-1/FireWall-1 with Management Servers running on
Windows NT or Windows 2000. 

Immediate workaround: 
Allow GUI connections only from trusted hosts. 

Changes made in the Hotfix: 
The buffer checking on the Management Server has been improved. 

Download Information: 
The GUI Buffer Overflow Hotfix is available for immediate download at
the Software Subscription Download Site
(http://www.checkpoint.com/techsupport/downloads/downloads.html) for the
following versions:

VPN-1/FireWall-1 4.0 SP8 
VPN-1/FireWall-1 4.1 SP4 
VPN-1/FireWall-1 4.1 SP5 
VPN-1/FireWall-1 NG HF2 

NOTE: Management Servers with versions older than those listed above
must be first upgraded and then have the GUI Buffer Overflow Hotfix
applied.


 
 



Copyright 2021, SecurityGlobal.net LLC