[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Check Point RDP bypass vulnerability
Hi, We are using FW-1 Ver 4.0, does anyone know if this vulnerability affects ver 4.0? Cheers, Ivan --- [email protected] wrote: > > I haven't seen this show up on the list yet so I > thought I'd send it through. It's probably cue'd up > right now and we'll see a deluge of these anytime. > Anyhow.... > > Inside Security GmbH has discovered a vulnerability > in CP FW-1 that will allow UDP packets with a fake > RDP header to be forwarded to an internal host on > port 259. > > Here's the links: > > Original Buqtraq post: > http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-07-08%26mid%3D195620%26fromthread%3D0%26threads%3D0%26end%3D2001-07-14%26 > > CERT advisory: > http://www.cert.org/advisories/CA-2001-17.html > > Inside Security GmbH advisory (same as Bugtraq): > http://www.inside-security.de/advisories/fw1_rdp.html > > Check Point's response with hotfixes: > http://www.checkpoint.com/techsupport/alerts/rdp.html > > The advisory said proof of concept code will be > released in a couple of days so let's see everyone > patch this up before someone puts together a trojan > that uses this vulnerability. > > Regards, > Jason Stout > > > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ > _______________________________________________________ Do You Yahoo!? Get your free @yahoo.ca address at http://mail.yahoo.ca ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|