Bugtraq mailing list archives

Re: Two checkpoint fw-1/vpn-1 vulns

From: Markus Wernig <listener () wernig net>
Date: Fri, 06 Feb 2004 14:41:15 +0100

On Thu, 2004-02-05 at 17:22, Bjørnar Bjørgum Larsen wrote:

see

http://xforce.iss.net/xforce/alerts/id/162


It is in fact a bit confusing, as ISS states that any FW-1 AI
installation is vulnerable, as soon as AI is enabled (which it is by
default), while Checkpoint claims that only systems with the HTTP
security servers enabled (which you have to do explicitly) are
vulnerable.

Does anybody have any reliable information about that?
Does anybody know how a possible attack could work or even have a hint
how to craft a snort signature? (Please excuse the irony snort::ISS, it
is not intended)

rgds /markus

--
Markus Wernig
UNIX/Network and Security Engineer
 
-> GPG: markus.wernig.net/pubkey
-> Linux User Group Bern: www.lugbe.ch
-> Freie Software f. die Schweiz: wilhelmtux.ch

Current thread:

Two checkpoint fw-1/vpn-1 vulns Bjørnar Bjørgum Larsen (Feb 05)
- Re: Two checkpoint fw-1/vpn-1 vulns Markus Wernig (Feb 06)
- Re: Two checkpoint fw-1/vpn-1 vulns Mariusz Woloszyn (Feb 06)