Vulnerability Bulletins |
Denegación de servicio en CheckPoint FireWall-1 HTTP Security Server |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Compromiso Root |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Networking |
Affected software |
Check Point Firewall-1 NG FCS Check Point Firewall-1 NG FP1 Check Point Firewall-1 NG FP2 Check Point Firewall-1 NG FP3, HF2 Check Point Firewall-1 NG con Application Intelligence R54 Check Point Firewall-1 NG con Application Intelligence R5 |
Description |
|
Se ha encontrado una vulnerabilidad en FireWall-1 HTTP Security Servers, según la cual es posible provocar la caída del equipo bajo determinadas circunstancias. El fallo sólo se produce si se utiliza HTTP Security Server. Un aviso independiente de ISS X-Force afirmaba que el fallo podía aprovecharse para ejecutar código con privilegios de administrador, extremo que fue desmentido por Check Point. |
|
Solution |
|
Actualización de software CheckPoint FireWall-1 Actualización para HTTP Security Server http://www.checkpoint.com/techsupport/downloads/bin/firewall1/security_server_hotfix_cpsc.zip |
|
Standar resources |
|
Property | Value |
CVE | CAN-2004-0039 |
BID | |
Other resources |
|
CheckPoint Security Advisory: FireWall-1 HTTP Security Server Vulnerability http://www.checkpoint.com/techsupport/alerts/security_server.html CheckPoint: Additional instructions to apply the patch http://www.checkpoint.com/techsupport/downloads/docs/firewall1/FW-1_SS_Hotfix_RNs.pdf ISS Advisory: Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities http://xforce.iss.net/xforce/alerts/id/162 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2004-02-05 |