[23332] in bugtraq
Fw: Firewall-1 remote SYSTEM shell buffer overflow
daemon@ATHENA.MIT.EDU (Scott Walker Register)
Fri Nov 30 11:14:52 2001
Date: Fri, 30 Nov 2001 10:32:52 -0500
From: Scott Walker Register <scott.register@us.checkpoint.com>
To: bugtraq@securityfocus.com
Message-ID: <Chameleon.1007134549.walker@stinky>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Check Point has investigated this issue and determined that this vulnerability has
already been disclosed and corrected. For further information, please refer to
http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html . Note that this
issue is also fixed in VPN-1/FW-1 version NG, Feature Pack 1.
-SwR
------------------------
> From: Indigo <indig0@talk21.com>
> Subject: Firewall-1 remote SYSTEM shell buffer overflow
> Date: 28 Nov 2001 20:08:14 -0000
> To: bugtraq@securityfocus.com
>
>
> Mailer: SecurityFocus
>
> As you can see I've got a few weeks free between
> jobs to write some overflows!
>
> Here's badboy.c the overflow for Checkpoint Firewall-1
>
> NB The overflow only works if you launch the attack
> from a valid GUI client machine i.e. your IP address
> must be present in the target firewall's
> $FWDIR/conf/gui-clients file.
>
---------------End of Original Message-----------------
----------------------------------------------------------------
Scott.Register@us.CheckPoint.com || FireWall-1 Product Manager
Check Point Software Technologies, Inc.
2255 Glades Road / Suite 324A \ Boca Raton, FL 33431
Voice: 561.989.5418 | Fax: 561.997.5421 | 11/30/01 10:32:52
----------------------------------------------------------------
