Bugtraq mailing list archives
Re: Two checkpoint fw-1/vpn-1 vulns
From: Markus Wernig <listener () wernig net>
Date: Fri, 06 Feb 2004 14:41:15 +0100
On Thu, 2004-02-05 at 17:22, Bjørnar Bjørgum Larsen wrote:
see
http://xforce.iss.net/xforce/alerts/id/162
It is in fact a bit confusing, as ISS states that any FW-1 AI installation is vulnerable, as soon as AI is enabled (which it is by default), while Checkpoint claims that only systems with the HTTP security servers enabled (which you have to do explicitly) are vulnerable. Does anybody have any reliable information about that? Does anybody know how a possible attack could work or even have a hint how to craft a snort signature? (Please excuse the irony snort::ISS, it is not intended) rgds /markus -- Markus Wernig UNIX/Network and Security Engineer -> GPG: markus.wernig.net/pubkey -> Linux User Group Bern: www.lugbe.ch -> Freie Software f. die Schweiz: wilhelmtux.ch
Current thread:
- Two checkpoint fw-1/vpn-1 vulns Bjørnar Bjørgum Larsen (Feb 05)
- Re: Two checkpoint fw-1/vpn-1 vulns Markus Wernig (Feb 06)
- Re: Two checkpoint fw-1/vpn-1 vulns Mariusz Woloszyn (Feb 06)