Bugtraq mailing list archives

Check Point response to RDP Bypass

From: aleph1 () securityfocus com
Date: Mon, 9 Jul 2001 09:34:30 -0600

----- Forwarded message from Scott Walker Register <scott.register () us checkpoint com> -----

From: Scott Walker Register  <scott.register () us checkpoint com>
To: aleph1 () securityfocus com
Cc: cert () cert org
Subject: Check Point response to RDP Bypass
Date: Mon,  9 Jul 2001 10:33:42 -0500
Message-ID: <Chameleon.994689280.walker@stinky>
X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E]

Check Point uses a protocol called RDP (UDP/259) for some internal communication between software components (this is 
not the same RDP as IP protocol 27).  By default, VPN-1/FireWall-1 allows RDP packets to traverse firewall gateways in 
order to simplify encryption setup.  Under some conditions, packets with RDP headers could be constructed which would 
be allowed across a VPN-1/FireWall-1 gateway without being explicitly allowed by the rule base.  

A hotfix is available for immediate download which addresses this issue.  Further details are available at 
http://www.checkpoint.com/techsupport/alerts/ .

Check Point acknowledges Jochen Bauer and Boris Wesslowski of Inside Security GmbH, Stuttgart, Germany, for this 
contribution and their ethical and forthright cooperation.

----- End forwarded message -----

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Current thread:

Check Point response to RDP Bypass aleph1 (Jul 09)
- <Possible follow-ups>
- Re: Check Point response to RDP Bypass Johan Lindqvist (Jul 11)
  - Re: Check Point response to RDP Bypass Jochen Bauer (Jul 11)
  - Re: Check Point response to RDP Bypass Hugo van der Kooij (Jul 12)
- RE: Check Point response to RDP Bypass Clarke, Paul [IT] (Jul 15)