[21462] in bugtraq
Re: Check Point response to RDP Bypass
daemon@ATHENA.MIT.EDU (Johan Lindqvist)
Wed Jul 11 13:05:22 2001
From: "Johan Lindqvist" <jlindq@hotmail.com>
To: bugtraq@securityfocus.com
Date: Wed, 11 Jul 2001 11:41:23 +0200
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F108146KXzQt1aP5N1l0000fc89@hotmail.com>
The original advisory
(http://www.inside-security.de/advisories/fw1_rdp.html) says that a
workaround is to "Deactivate implied rules in the Check Point policy editor
(and build your own rules for management connections).". I've not been able
to find any changes in the INSPECT code generated to confirm that not using
the implied rules from "Policy/properties/Security policy/Implied
rules/Accept VPN-1 & FireWall-1 Control Connection"
Does deactiviating the implied rule stop the vulnerability?
/Johan Lindqvist
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/E d+ s: a- C++(+++)$ ULOSI*++(++++)$ P+++$>++++$ L++ E>++$ W+(+++)
N++ o? K-? w---(++)$ O? M-(+) V? PS++ PE-(--) Y++(+) PGP++ t++@ !5-
!X- R tv b++ DI++++ D+ G++ e+++ h---- r+++ y++++
------END GEEK CODE BLOCK------
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
