Home page logo
/

bugtraq logo Bugtraq mailing list archives

Fw: Firewall-1 remote SYSTEM shell buffer overflow
From: Scott Walker Register <scott.register () us checkpoint com>
Date: Fri, 30 Nov 2001 10:32:52 -0500



Check Point has investigated this issue and determined that this vulnerability has 
already been disclosed and corrected.  For further information, please refer to 
http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html .  Note that this 
issue is also fixed in VPN-1/FW-1 version NG, Feature Pack 1.

-SwR

------------------------
  From: Indigo <indig0 () talk21 com>
  Subject: Firewall-1 remote SYSTEM shell buffer overflow
  Date: 28 Nov 2001 20:08:14 -0000 
  To: bugtraq () securityfocus com


Mailer: SecurityFocus

As you can see I've got a few weeks free between 
jobs to write some overflows!

Here's badboy.c the overflow for Checkpoint Firewall-1

NB The overflow only works if you launch the attack 
from a valid GUI client machine i.e. your IP address 
must be present in the target firewall's 
$FWDIR/conf/gui-clients file.


---------------End of Original Message-----------------

----------------------------------------------------------------
Scott.Register () us CheckPoint com  ||  FireWall-1 Product Manager
               Check Point Software Technologies, Inc.
2255 Glades Road    /    Suite 324A     \  Boca Raton, FL  33431
Voice: 561.989.5418 | Fax: 561.997.5421  |   11/30/01   10:32:52
----------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]