Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
From: Rizan Sheikh Mohd <sheikhrizan () rocketmail com>
Date: 24 Mar 2003 01:25:36 -0000

In-Reply-To: <1779CE9992706F45BDC9575124A5AAE50122188A () a0001-xpo0114-s hodc ad allstate com>

Not exactly cause I have CPK FW-1 NG FP2 Build 52163. The logging server & 
management are separated. It seems that syslog is running on port 514udp:

$ ps -aef | grep syslog
root      7239  7231  0 Mar23 ?        00:00:01 syslog 514 all

Maybe the wording Checkpoint used on their web site.
"Prior to the release of NG FP3 HF2......." really does include ALL 
releases before FP3 

Rizan


Received: (qmail 16221 invoked from network); 21 Mar 2003 23:10:48 -0000
Received: from outgoing2.securityfocus.com (HELO 
outgoing.securityfocus.com) (205.206.231.26)
 by mail.securityfocus.com with SMTP; 21 Mar 2003 23:10:48 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com 
[205.206.231.19])
      by outgoing.securityfocus.com (Postfix) with QMQP
      id 337008F31B; Fri, 21 Mar 2003 16:10:34 -0700 (MST)
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 1533 invoked from network); 21 Mar 2003 18:47:50 -0000
Message-ID: <1779CE9992706F45BDC9575124A5AAE50122188A () a0001-xpo0114-
s.hodc.ad.allstate.com>
From: "Hines, Eric" <ehin4 () allstate com>
To: dchesterfield () bankofny com
Subject: RE: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog 
              daemon possible
Date: Fri, 21 Mar 2003 12:59:20 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
content-class: urn:content-classes:message
Content-Type: text/plain;
      charset="iso-8859-1"

Alright. I was just concerned because of the wording Checkpoint used on
their web site.
"Prior to the release of NG FP3 HF2......."

I'm going to assume they were referring to the HF2 portion of that, and 
not
< FP3


Eric Hines



-----Original Message-----
From: dchesterfield () bankofny com [mailto:dchesterfield () bankofny com]
Sent: Friday, March 21, 2003 12:53 PM
To: Hines, Eric
Cc: Maillist Bugtraq; Dr. Peter Bieringer
Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against
syslog daemon possible



The daemon was apparently only introduced since FP3





                     "Hines, Eric"

                     <ehin4 () allstate c        To:       "Dr. Peter
Bieringer" <pbieringer () aerasec de>, Maillist Bugtraq                 
                     om>                       
<bugtraq () securityfocus com>

                                              cc:

                     21/03/2003 06:31         Subject:  Re: Check Point
FW-1 NG FP3 & FP3 HF1: DoS attack against syslog        daemon  
                     pm                        possible







Has anyone tested these vulnerabilities on NG FP1 or are they strictly
related to FP3?

Eric Hines




-----Original Message-----
From: Dr. Peter Bieringer [mailto:pbieringer () aerasec de]
Sent: Friday, March 21, 2003 6:47 AM
To: Maillist Bugtraq; Maillist full-disclosure
Subject: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog
daemon possible


Hi all,

interesting for all Check Point FW-1 NG users which have enabled the
since
FP3 included syslog daemon.







  By Date           By Thread  

Current thread:
  • Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible Rizan Sheikh Mohd (Mar 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]