[33482] in bugtraq
Re: Two checkpoint fw-1/vpn-1 vulns
daemon@ATHENA.MIT.EDU (Markus Wernig)
Fri Feb 6 17:04:26 2004
From: Markus Wernig <listener@wernig.net>
To: bugtraq@securityfocus.com
In-Reply-To: <FD72AF7813F1294C95279EC6D9784A2FE0F53E@100NOOSLMSG004.common.alpharoot.net>
Content-Type: text/plain; charset=ISO-8859-1
Message-Id: <1076074874.25156.59.camel@power.post.ch>
Mime-Version: 1.0
Date: Fri, 06 Feb 2004 14:41:15 +0100
Content-Transfer-Encoding: 8bit
On Thu, 2004-02-05 at 17:22, Bjørnar Bjørgum Larsen wrote:
> see
> http://xforce.iss.net/xforce/alerts/id/162
>
It is in fact a bit confusing, as ISS states that any FW-1 AI
installation is vulnerable, as soon as AI is enabled (which it is by
default), while Checkpoint claims that only systems with the HTTP
security servers enabled (which you have to do explicitly) are
vulnerable.
Does anybody have any reliable information about that?
Does anybody know how a possible attack could work or even have a hint
how to craft a snort signature? (Please excuse the irony snort::ISS, it
is not intended)
rgds /markus
--
Markus Wernig
UNIX/Network and Security Engineer
-> GPG: markus.wernig.net/pubkey
-> Linux User Group Bern: www.lugbe.ch
-> Freie Software f. die Schweiz: wilhelmtux.ch
