[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Check Point RDP bypass vulnerability
Do you not pay attention, this has been discussed for weeks. Forgive me I am very irritated. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: July 09, 2001 3:35 PM To: [email protected] Subject: [FW1] Check Point RDP bypass vulnerability I haven't seen this show up on the list yet so I thought I'd send it through. It's probably cue'd up right now and we'll see a deluge of these anytime. Anyhow.... Inside Security GmbH has discovered a vulnerability in CP FW-1 that will allow UDP packets with a fake RDP header to be forwarded to an internal host on port 259. Here's the links: Original Buqtraq post: http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fl ist%3D1%26start%3D2001-07-08%26mid%3D195620%26fromthread%3D0%26threads%3 D0%26end%3D2001-07-14%26 CERT advisory: http://www.cert.org/advisories/CA-2001-17.html Inside Security GmbH advisory (same as Bugtraq): http://www.inside-security.de/advisories/fw1_rdp.html Check Point's response with hotfixes: http://www.checkpoint.com/techsupport/alerts/rdp.html The advisory said proof of concept code will be released in a couple of days so let's see everyone patch this up before someone puts together a trojan that uses this vulnerability. Regards, Jason Stout ======================================================================== ======== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ======== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|