Date: Fri, 30 Nov 2001 10:32:52 -0500
From: Scott Walker Register <[email protected]>
To: [email protected]Subject: Fw: Firewall-1 remote SYSTEM shell buffer overflow
Check Point has investigated this issue and determined that this vulnerability has
already been disclosed and corrected. For further information, please refer to
http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html . Note that this
issue is also fixed in VPN-1/FW-1 version NG, Feature Pack 1.
-SwR
------------------------
> From: Indigo <[email protected]>
> Subject: Firewall-1 remote SYSTEM shell buffer overflow
> Date: 28 Nov 2001 20:08:14 -0000
> To: [email protected]
>
>
> Mailer: SecurityFocus
>
> As you can see I've got a few weeks free between
> jobs to write some overflows!
>
> Here's badboy.c the overflow for Checkpoint Firewall-1
>
> NB The overflow only works if you launch the attack
> from a valid GUI client machine i.e. your IP address
> must be present in the target firewall's
> $FWDIR/conf/gui-clients file.
>
---------------End of Original Message-----------------
----------------------------------------------------------------
[email protected] || FireWall-1 Product Manager
Check Point Software Technologies, Inc.
2255 Glades Road / Suite 324A \ Boca Raton, FL 33431
Voice: 561.989.5418 | Fax: 561.997.5421 | 11/30/01 10:32:52
----------------------------------------------------------------
