SecurityTracker.com

SecurityTracker
Archives
Category:   Application (Firewall)  >   FireWall-1/VPN-1
Vendors:   Check Point
(Vendor Indicates That This is a Configuration Error, Not a Bug) Re: Check Point FireWall-1 HTTP Proxy Bug Lets Remote Users Bypass Some Access Controls and Connect to Arbitrary Ports on Internal/Protected Hosts
SecurityTracker Alert ID:  1003642
SecurityTracker URL:  http://securitytracker.com/id/1003642
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 22 2002
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.1 SP5 (plus hotfixes)
Description:   An access control vulnerability was reported in Check Point's FireWall-1. A remote user can bypass access controls and connect to arbitrary ports on servers located behind the firewall via the HTTP Proxy.

In the original alert, it was reported that a remote user can initiate a connection to an IP address and web port located behind the firewall and then use the HTTP CONNECT method to connect to another server, different from the IP address originally specified in the connection. The original report implied that this was a flaw in the firewall product.

The vendor has responded that this is not a flaw in the product, but rather, is an administrator configuration error that can be corrected with proper configuration of the rule base.

Impact:   A remote user can bypass access controls and access arbitrary ports on protected servers that the user is not authorized to connect to.
Solution:   Check Point has responded that the observed behavior of the firewall is due to an administrator configuration error. Check Point states that "connections via the HTTP security server are blocked unless specified in the rule base."

The vendor plans to provide enhanced control of this type of connection in the next product update to help administrators avoid making this type of configuration mistake.

Vendor URL:  www.checkpoint.com/techsupport/alerts/http_connect.html
Cause:   Configuration error
Underlying OS:  Linux (Red Hat Linux), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Feb 19 2002 Check Point FireWall-1 HTTP Proxy Bug Lets Remote Users Bypass Some Access Controls and Connect to Arbitrary Ports on Internal/Protected Hosts



 Source Message Contents

Subject:  HTTP Connect Commands


Check Point released a technical note regarding the HTTP Connect
vulnerability.  It is reported that connections are only permitted in
accordance with the rule base.  An administrator can design the rule
base to avoid this type of configuration error.
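The point of the vendor's response is that the rule base, not the proxy, decides where a proxied CONNECT may go, and that a rule base which accepts any destination once a client has reached the security server is the configuration error. The following is an added illustration (not Check Point's code; the rule format, IP addresses and log lines are constructed for the example) of a first-match policy check applied to the CONNECT target rather than to the originally contacted web server, with a permissive rule base beside a restricted one and an audit helper that flags CONNECT requests the restricted rule base would not accept:

```python
"""Model of gating HTTP CONNECT requests against a firewall rule base.
Added illustration, not Check Point code; rule layout, addresses and log
lines below are assumptions constructed for the example."""

import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# CONNECT host:port HTTP/1.x  (host may be an IP literal or a name)
CONNECT_RE = re.compile(r"^CONNECT\s+([^\s:]+):(\d{1,5})\s+HTTP/1\.[01]$")


@dataclass(frozen=True)
class Rule:
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    port: Optional[int]  # None = any port
    action: str          # "accept" or "drop"


def _match(cidr: str, addr: str) -> bool:
    """True if addr falls inside cidr; non-IP hostnames only match 'any'."""
    if cidr == "any":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False


def parse_connect(request_line: str) -> Optional[Tuple[str, int]]:
    """Return (host, port) for a well-formed CONNECT line, else None."""
    m = CONNECT_RE.match(request_line.strip())
    if not m:
        return None
    host, port = m.group(1), int(m.group(2))
    if not 0 < port < 65536:
        return None
    return host, port


def evaluate(rulebase: List[Rule], src_ip: str, dst: str, dst_port: int) -> str:
    """First-match evaluation with an implicit drop at the end (cleanup rule)."""
    for rule in rulebase:
        if (_match(rule.src, src_ip) and _match(rule.dst, dst)
                and (rule.port is None or rule.port == dst_port)):
            return rule.action
    return "drop"


def check_connect(rulebase: List[Rule], src_ip: str, request_line: str) -> str:
    """Apply the rule base to the CONNECT target, not to the server the client
    first reached; malformed or non-CONNECT requests are dropped."""
    parsed = parse_connect(request_line)
    if parsed is None:
        return "drop"
    host, port = parsed
    return evaluate(rulebase, src_ip, host, port)


# Weak rule base (constructed): once a client matches the security-server
# rule, the proxied connection is accepted to any destination on any port.
PERMISSIVE = [Rule("any", "any", None, "accept")]

# Corrected rule base (constructed): only the published web server on
# 80/443 is reachable; an explicit cleanup rule drops everything else.
RESTRICTED = [
    Rule("any", "203.0.113.10/32", 80, "accept"),
    Rule("any", "203.0.113.10/32", 443, "accept"),
    Rule("any", "any", None, "drop"),
]

# Constructed proxy log: "<client_ip> <request line>"
SAMPLE_LOG = [
    "198.51.100.7 CONNECT 203.0.113.10:443 HTTP/1.1",
    "198.51.100.7 CONNECT 10.0.0.5:22 HTTP/1.0",
    "198.51.100.9 CONNECT 10.0.0.8:3389 HTTP/1.0",
]


def audit(rulebase: List[Rule], log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, request_line) for logged CONNECT requests that the
    given rule base would not accept: useful to see what a permissive rule
    base has been letting through before tightening it."""
    flagged = []
    for line in log_lines:
        client, _, request = line.partition(" ")
        if request.startswith("CONNECT") and check_connect(rulebase, client, request) != "accept":
            flagged.append((client, request))
    return flagged


if __name__ == "__main__":
    for client, request in audit(RESTRICTED, SAMPLE_LOG):
        print(f"would be dropped under restricted rule base: {client} {request}")
```

Running the audit with PERMISSIVE returns nothing, because every CONNECT target is accepted; with RESTRICTED the two requests to internal hosts on 22 and 3389 are flagged. The design choice to note is that the destination checked is the host and port taken from the CONNECT line, which is exactly the point the original report and the vendor's response turn on.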

Check Point has provided the following text:

"As noted in the original posting, no escalation of privilege is granted
via the use of HTTP Connect commands with FireWall-1 HTTP security
server; that is, connections via the HTTP security server are blocked
unless specified in the rule base. Therefore, a properly constructed
rule base mitigates the effect of this malicious use of a valid function
of an HTTP proxy."

"Check Point is taking action to give administrators enhanced control of
this type of connection, and will offer that improved functionality in
the next product update."

Check Point's technical note is available at:

http://www.checkpoint.com/techsupport/alerts/http_connect.html







Copyright 2021, SecurityGlobal.net LLC