[SECURITY-L] [S] Firewall-1 HTTP Security Server Vulnerability

CSIRT - UNICAMP security em unicamp.br
Seg Fev 9 11:23:33 -02 2004 

----- Forwarded message from Nelson Murilo <nelson em pangeia.com.br> -----

From: Nelson Murilo <nelson em pangeia.com.br>
Subject: [S] Firewall-1 HTTP Security Server Vulnerability
To: seguranca em pangeia.com.br
Date: Thu, 5 Feb 2004 22:37:10 -0200


[http://www.checkpoint.com/techsupport/alerts/security_server.html]

05 February 2004

A vulnerability in the FireWall-1 HTTP Security Servers exists that may cause it to crash in certain circumstances, which in theory only, may allow further exploitation. This issue only exists when using HTTP Security Servers.

In order to protect FireWall-1 against this vulnerability, Check Point recommends that customers apply a simple change to a configuration file on the enforcement modules that will solve the problem.

Affected Releases: 
VPN-1/FireWall-1 NG and above, when using HTTP Security Servers.

If the HTTP Security Servers are not in use on the module, there is no need to install the update.

The update is applicable on the following releases:

NG FP3 HF2 
NG with Application Intelligence R54 
NG with Application Intelligence R55 
Other NG based releases (NG FCS, NG FP1, NG FP2 ...) 
This update is available to all customers from the links below. This same update is applied to all platforms and releases of Next Generation and Next Generation with Application Intelligence.

FireWall-1 HTTP Security Server Update
(11.60 KB, MD5:53b05a8374145058f27e079cafa06add)

Simple Installation Instructions:
In most deployments, the cpsc.en_us file (located in $FWDIR/conf/cpsc/) has not been manually adjusted. Simply apply the fix by replacing the cpsc.en_us with the new version as follows:

Backup $FWDIR/conf/cpsc/cpsc.en_us 
Please copy (and rename) the fixed cpsc.conf file the to $FWDIR/conf/cpsc/cpsc.en_us 
If you are using non-English language, replace the cpsc.XXX file appropriate for your language.

Please copy the fixed cpsc.conf file to $FWDIR/lib/cpsc.conf (overwrite the existing file) 
In order to activate the change, restart the fwd by running "fw kill fwd" 
For additional detailed instructions to manually edit the cpsc.conf file, click here.
<www.checkpoint.com/techsupport/downloads/docs/firewall1/FW-1_SS_Hotfix_RNs.pdf> 

----- End forwarded message -----

Mais detalhes sobre a lista de discussão SECURITY-L