Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: fw-17.htm

Check Point Firewall-1 on Windows NT - raise firewall load to 100%



    Check Point Firewall-1 on Windows NT


    Following  is  based  on  a  FSC  Internet  Corp./SecureXpert Labs
    Advisory.   The  SMTP  Security  Server  component  of Check Point
    Firewall-1 4.0  and 4.1  is vulnerable  to a  simple network-based
    attack which raises the firewall load to 100%.

    Check  Point  Firewall-1  includes  a  component  called  the SMTP
    Security Server.   This is  an SMTP  proxy, the  use of  which  is
    required  by   several  of   Firewall-1's  advanced   SMTP   email
    processing capabilities,  including CVP-based  virus scanning  and
    URI filtering.

    The Check Point Firewall-1 SMTP Security Server in Firewall-1  4.0
    and 4.1  on Windows  NT is  vulnerable to  a simple  network-based
    attack which can increase the firewall's CPU utilization to 100%.

    Sending a stream of binary zeros over the network to the SMTP port
    on the  firewall raises  the target  system's load  to 100%  while
    the load on the attacker's system machine remains relatively  low.
    This can  easily be  reproduced from  a Linux  system using netcat
    with an input of /dev/zero, with a command such as

        nc firewall 25 < /dev/zero

    This vulnerability could allow  a very quick and  easy distributed
    attack on Check Point Firewall-1.


    Check  Point  Software  Technologies  has  been  informed  of this
    vulnerability, and has  assigned it incident  ID# TT44913.   As of
    June  20,  2000  Check  Point  has  stated  that  a  fix  for this
    vulnerability will NOT  be included in  Service Pack 2  (SP-2) for
    Check Point firewall-1 4.1, but  it will "probably be included  in

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH