In-Reply-To: <1779CE9992706F45BDC9575124A5AAE50122188A@a0001-xpo0114-s.hodc.ad.allstate.com>

Not exactly cause I have CPK FW-1 NG FP2 Build 52163. The logging server & management are separated.

It seems that syslog is running on port 514udp:

$ ps -aef | grep syslog
root 7239 7231 0 Mar23 ? 00:00:01 syslog 514 all

Maybe the wording Checkpoint used on their web site.
"Prior to the release of NG FP3 HF2......."
really does include ALL releases before FP3

Rizan

>From: "Hines, Eric" <ehin4at_private>
>To: dchesterfieldat_private
>Subject: RE: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog
> daemon possible
>Date: Fri, 21 Mar 2003 12:59:20 -0600
>
>Alright. I was just concerned because of the wording Checkpoint used on
>their web site.
>"Prior to the release of NG FP3 HF2......."
>
>I'm going to assume they were referring to the HF2 portion of that, and not
>< FP3
>
>Eric Hines
>
>-----Original Message-----
>From: dchesterfieldat_private [mailto:dchesterfieldat_private]
>Sent: Friday, March 21, 2003 12:53 PM
>To: Hines, Eric
>Cc: Maillist Bugtraq; Dr. Peter Bieringer
>Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against
>syslog daemon possible
>
>The daemon was apparently only introduced since FP3
>
>"Hines, Eric" <ehin4at_private>
>21/03/2003 06:31 pm
>To: "Dr. Peter Bieringer" <pbieringerat_private>, Maillist Bugtraq <bugtraqat_private>
>cc:
>Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
>
>Has anyone tested these vulnerabilities on NG FP1 or are they strictly
>related to FP3?
>
>Eric Hines
>
>-----Original Message-----
>From: Dr. Peter Bieringer [mailto:pbieringerat_private]
>Sent: Friday, March 21, 2003 6:47 AM
>To: Maillist Bugtraq; Maillist full-disclosure
>Subject: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog
>daemon possible
>
>Hi all,
>
>interesting for all Check Point FW-1 NG users which have enabled the
>since FP3 included syslog daemon.
This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 09:34:45 PST