Technical Cyber Security Alert TA04-036A: HTTP Parsing Vulnerabilities in Check Point

February 05, US-CERT

The Application Intelligence (AI) component of Check Point Firewall-1 is an application proxy that scans traffic for application-layer attacks once it has passed through the firewall at the network level. Both the AI and HTTP Security Server features contain an HTTP parsing vulnerability that is triggered by sending an invalid HTTP request through the firewall. When Firewall-1 generates an error message in response to the invalid request, a portion of the input supplied by the attacker is included in the format string for a call to sprintf(). It is possible to exploit this format string vulnerability to execute commands on the firewall. This vulnerability can also be exploited as a heap overflow, which would allow an attacker to execute arbitrary code. In either case, the commands or code executed by the attacker would run with administrative privileges, typically "SYSTEM" or "root".
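The bug class described above, shown as an added example that is not Check Point's code or part of the alert: request text pasted into a format string, beside the corrected form that passes it as data. The function names, message text and sample request are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Flawed pattern (illustrative): the request text becomes part of the
 * format string, so any '%' directives in it are interpreted by snprintf. */
int error_msg_flawed(char *out, size_t n, int code, const char *req)
{
    char fmt[256];
    snprintf(fmt, sizeof fmt, "HTTP error %%d: invalid request '%s'", req);
    return snprintf(out, n, fmt, code);   /* fmt is attacker-influenced */
}

/* Corrected pattern: constant format string, request passed as an argument.
 * Returns the message length, or -1 if the output did not fit. */
int error_msg_safe(char *out, size_t n, int code, const char *req)
{
    int len = snprintf(out, n, "HTTP error %d: invalid request '%s'", code, req);
    if (len < 0 || (size_t)len >= n)
        return -1;                        /* encoding error or truncated */
    return len;
}

/* Count the conversion directives the flawed version would act on.
 * "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

int main(void)
{
    const char *req = "GET /%x%x%n HTTP/1.0";   /* constructed sample input */
    char msg[128];
    printf("directives in request: %d\n", count_directives(req));
    if (error_msg_safe(msg, sizeof msg, 400, req) >= 0)
        puts(msg);                        /* directives printed verbatim */
    return 0;
}
```

Compiling with `-Wformat -Wformat-nonliteral` makes GCC and Clang flag the non-literal format in `error_msg_flawed`.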

Additional information and a patch are available on the Check Point Website:
http://www.checkpoint.com/techsupport/alerts/security_server.html

Source:
http://www.us-cert.gov/cas/techalerts/TA04-036A.html