Vulnerability Bulletins

int(596)

Vulnerability Bulletins

Denegación de servicio en CheckPoint FireWall-1 HTTP Security Server
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Compromiso Root
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio estandar
System information
Property	Value
Affected manufacturer	Networking
Affected software	Check Point Firewall-1 NG FCS Check Point Firewall-1 NG FP1 Check Point Firewall-1 NG FP2 Check Point Firewall-1 NG FP3, HF2 Check Point Firewall-1 NG con Application Intelligence R54 Check Point Firewall-1 NG con Application Intelligence R5
Description
Se ha encontrado una vulnerabilidad en FireWall-1 HTTP Security Servers, según la cual es posible provocar la caída del equipo bajo determinadas circunstancias. El fallo sólo se produce si se utiliza HTTP Security Server. Un aviso independiente de ISS X-Force afirmaba que el fallo podía aprovecharse para ejecutar código con privilegios de administrador, extremo que fue desmentido por Check Point.
Solution
Actualización de software CheckPoint FireWall-1 Actualización para HTTP Security Server http://www.checkpoint.com/techsupport/downloads/bin/firewall1/security_server_hotfix_cpsc.zip
Standar resources
Property	Value
CVE	CAN-2004-0039
BID
Other resources
CheckPoint Security Advisory: FireWall-1 HTTP Security Server Vulnerability http://www.checkpoint.com/techsupport/alerts/security_server.html CheckPoint: Additional instructions to apply the patch http://www.checkpoint.com/techsupport/downloads/docs/firewall1/FW-1_SS_Hotfix_RNs.pdf ISS Advisory: Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities http://xforce.iss.net/xforce/alerts/id/162

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-02-05

Vulnerability Bulletins

Denegación de servicio en CheckPoint FireWall-1 HTTP Security Server

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history