[21410] in bugtraq
Check Point response to RDP Bypass
daemon@ATHENA.MIT.EDU (aleph1@securityfocus.com)
Mon Jul 9 14:37:37 2001
Date: Mon, 9 Jul 2001 09:34:30 -0600
From: aleph1@securityfocus.com
To: bugtraq@securityfocus.com
Message-ID: <20010709093430.X26952@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
----- Forwarded message from Scott Walker Register <scott.register@us.checkpoint.com> -----
From: Scott Walker Register <scott.register@us.checkpoint.com>
To: aleph1@securityfocus.com
Cc: cert@cert.org
Subject: Check Point response to RDP Bypass
Date: Mon, 9 Jul 2001 10:33:42 -0500
Message-ID: <Chameleon.994689280.walker@stinky>
X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E]
Check Point uses a protocol called RDP (UDP/259) for some internal communication between software components (this is not the same RDP as IP protocol 27). By default, VPN-1/FireWall-1 allows RDP packets to traverse firewall gateways in order to simplify encryption setup. Under some conditions, packets with RDP headers could be constructed which would be allowed across a VPN-1/FireWall-1 gateway without being explicitly allowed by the rule base.
A hotfix is available for immediate download which addresses this issue. Further details are available at http://www.checkpoint.com/techsupport/alerts/ .
Check Point acknowledges Jochen Bauer and Boris Wesslowski of Inside Security GmbH, Stuttgart, Germany, for this contribution and their ethical and forthright cooperation.
----- End forwarded message -----
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
