Check Point has investigated this issue and determined that this vulnerability has already been disclosed and corrected. For further information, please refer to http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html . Note that this issue is also fixed in VPN-1/FW-1 version NG, Feature Pack 1. -SwR ------------------------ > From: Indigo <indig0at_private> > Subject: Firewall-1 remote SYSTEM shell buffer overflow > Date: 28 Nov 2001 20:08:14 -0000 > To: bugtraqat_private > > > Mailer: SecurityFocus > > As you can see I've got a few weeks free between > jobs to write some overflows! > > Here's badboy.c the overflow for Checkpoint Firewall-1 > > NB The overflow only works if you launch the attack > from a valid GUI client machine i.e. your IP address > must be present in the target firewall's > $FWDIR/conf/gui-clients file. > ---------------End of Original Message----------------- ---------------------------------------------------------------- Scott.Registerat_private || FireWall-1 Product Manager Check Point Software Technologies, Inc. 2255 Glades Road / Suite 324A \ Boca Raton, FL 33431 Voice: 561.989.5418 | Fax: 561.997.5421 | 11/30/01 10:32:52 ----------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 08:01:58 PST