-----Original Message-----
From: Gregg Shankle [mailto:Gregg.Shankle@private]
Sent: Thursday, February 05, 2004 8:16 AM
To: Gregg Shankle
Subject: High read - Cyber Advisory "Checkpoint vulnerabilities"

The following is a Cyber Advisory from our New York State infrastructure sharing partners.

_______________________________________________

ADVISORY NUMBER 2004-006

DATE ISSUED: Thursday, February 5, 2004

NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER ADVISORY

SUBJECT: Multiple vulnerabilities in Checkpoint products could result in a compromise of the firewall.

OVERVIEW:
Internet Security Systems X-Force discovered multiple vulnerabilities in certain Checkpoint firewall products that provide added protection from attacks for web servers. If an attacker exploits these vulnerabilities, the result could be a compromise of the firewall and potential access to other systems.

AFFECTED VERSIONS:
Checkpoint Firewall-1 NG-AI R55, R54, including SSL hotfix
Checkpoint Firewall-1 HTTP Security Server included with NG FP1, FP2, FP3
Checkpoint Firewall-1 HTTP Security Server included with 4.1

RISK:
Government:
* Large and medium government entities: High
* Small government entities: High
Businesses:
* Large and medium business entities: High
* Small business entities: High
Home users: Generally not applicable

DESCRIPTION:
These vulnerabilities can be exploited if HTTP Application Intelligence is enabled or the HTTP Security Server is used. Once exploited, a remote attacker could execute arbitrary code of their choice with administrative level (i.e. "system", "root" or "administrator") privileges by transmitting crafted HTTP requests containing invalid data. Once the firewall is compromised, the attacker could modify firewall rules to gain access to other systems.

RECOMMENDATIONS:
There is no workaround for this vulnerability. The only solution is to apply the update provided by Check Point at http://www.checkpoint.com/techsupport/alerts/security_server.html after appropriate testing.

REFERENCES:
Internet Security Systems: http://xforce.iss.net/xforce/alerts/id/162
Checkpoint: http://www.checkpoint.com/techsupport/alerts/security_server.html
Secunia: http://www.secunia.com/advisories/10794/
Security Tracker: http://www.securitytracker.com/alerts/2004/Feb/1008947.html

_______________________________________________

ADVISORY NUMBER 2004-007

DATE ISSUED: Thursday, February 5, 2004

NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER ADVISORY

SUBJECT: Vulnerability in Check Point VPN products could result in a system compromise.

OVERVIEW:
Internet Security Systems X-Force discovered a vulnerability in Check Point VPN-1 server and Checkpoint VPN client that could allow someone to take control of the firewall or client. Functional exploit code for this vulnerability has been developed and tested using real-world scenarios by X-Force.

AFFECTED VERSIONS:
Checkpoint VPN-1 Server 4.1 and SP6 with OpenSSL Hotfix
Checkpoint SecuRemote/SecureClient 4.1 up to and including build 4200
Note that Checkpoint NG products are not affected.

RISK:
Government:
* Large and medium government entities: High
* Small government entities: High
Businesses:
* Large and medium business entities: High
* Small business entities: High
Home users: Generally not applicable

DESCRIPTION:
This flaw relates to the Internet Security Association and Key Management Protocol (ISAKMP) processing for both of these products. ISAKMP is a major method for implementation of Virtual Private Networks (VPNs), which are a common method for encrypting sensitive information over a public network. If a remote attacker exploits this buffer overflow vulnerability, they could gain administrative level (i.e. "system", "root" or "administrator") privileges on the VPN-1 server and/or the client system running SecuRemote/SecureClient. Once one of these systems is compromised, the attacker could then attempt to compromise other systems on the network by modifying firewall rules and configurations.

RECOMMENDATIONS:
There is no known workaround for this vulnerability and Check Point no longer supports the affected versions. Therefore the only solution is to upgrade to the NG versions of the products.

REFERENCES:
ISS: http://xforce.iss.net/xforce/alerts/id/163
Secunia: http://www.secunia.com/advisories/10795/
Auscert: http://www.auscert.org.au/render.html?it=3816
Security Tracker: http://www.securitytracker.com/alerts/2004/Feb/1008948.html

end
This archive was generated by hypermail 2b30 : Thu Feb 05 2004 - 19:00:16 PST