Hi again, regarding to some statements and personal e-mails to me of a) which versions are affected and )b we have no FP3, but a running "syslog" process I've doublechecked this here in our lab and can confirm Check Point's advisory "Prior to the release of NG FP3 HF2" for some more cases: Check Point FW-1 since NG FP3: ------------------------------ The syslog daemon is a dedicated binary "$FWDIR/bin/syslog" Vulnerable for remote crash (FP3, FP3 HF1) Vulnerable unfiltered escape sequences (FP3, FP3 HF1, FP3 HF2) Check Point FW-1 NG up to FP2: ------------------------------ The syslog daemon is included in the "$FWDIR/bin/fw" binary by using "$FWDIR/lib/libfw1.so" Vulnerable for remote crash (FP2) Vulnerable unfiltered escape sequences (FP2) Other NG versions below FP2 currently not tested by us, but regarding to Check Point's advisory they are also vulnerable. Note: in the process table you will see also "syslog 514 all", a "ghost" program which didn't exist before FP3, but that's only the command line arguments. A dig into /proc/$pid-of/syslog shows, that "fw" is the real executed binary. Check Point FW-1 4.1: --------------------- The syslog daemon is included in the "$FWDIR/bin/fw" binary without using any other Check Point specific library. We currently investigate also here the 2 issues. Hope this helps. We've also already updated our advisory: http://www.aerasec.de/security/advisories/txt/ checkpoint-fw1-ng-fp3-syslog-crash.txt http://www.aerasec.de/security/advisories/ checkpoint-fw1-ng-fp3-syslog-crash.html Sorry for causing some confusions. Peter -- Dr. Peter Bieringer Phone: +49-8102-895190 AERAsec Network Services and Security GmbH Fax: +49-8102-895199 Wagenberger Straße 1 Mobile: +49-174-9015046 D-85662 Hohenbrunn E-Mail: pbieringerat_private Germany Internet: http://www.aerasec.de _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 11:00:43 PST