Date: Thu, 28 Mar 2024 13:08:11 -0400 (EDT) Message-ID: <1925363452.499.1711645691355@windcrest.sei.cmu.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_498_17995213.1711645691352" ------=_Part_498_17995213.1711645691352 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
A complete revision history is at the end of this fi= le.
A vulnerability i= n Check Point FireWall-1 and VPN-1 may allow an intruder to pass traffic th= rough the firewall on port 259/UDP.
Inside Security GmbH has discovered a vulne= rability in Check Point FireWall-1 and VPN-1 that allows an intruder to byp= ass the firewall. The default FireWall-1 management rules allow arbitrary R= DP connections to traverse the firewall.
FireWall-1 and VPN-1 include= support for RDP, but they do not provide adequate security controls. Quoti= ng from the advisory provided by Inside Security GmbH:
By adding a faked RDP header to normal UDP traffic any content can be passe= d to port 259 on any remote host on either side of the firewall.
For more information, see the Inside Security GmbH security= advisory, available at
Although the CERT/CC has not seen any incident activity related to = this vulnerability, we do recommend that all affected sites upgrade their C= heck Point software as soon as possible.
An intruder can = pass UDP traffic with arbitrary content through the firewall on port 259 in= violation of implied security policies.
If an intruder can gain cont= rol of a host inside the firewall, he may be able to use this vulnerability= to tunnel arbitrary traffic across the firewall boundary.
Additional= ly, even if an intruder does not have control of a host inside the firewall= , he may be able to use this vulnerability as a means of exploiting another= vulnerability in software listening passively on the internal network.
=Finally, an intruder may be able to use this vuln= erability to launch certain kinds of denial-of-service attacks.
Install a patch from Check Point Software Technologies= . More information is available in Appendix A.
Until a patch can be applied, you may be able to reduce your exposure to= this vulnerability by configuring your router to block access to 259/UDP a= t your network perimeter.
Download the patch from Check Point's web site:
Our thanks to Inside Security GmbH for the information contained in = their advisory.
This document was written by Ian A. Finlay. If you have feed= back concerning this document, please send email to:
Copyright 2001 Carnegie Mellon University.
Revision History= p>
July 09, 2001: Initial Release July 09, 2001: Removed references to RFC's describing RDP. Specifically,=20 we removed the references to RFC-908 and RFC-1151. July 09, 2001: Added reference to Check Point's security document. July 12, 2001: Added version 4.0 to systems affected section.