Security News > 2001 > July > CERT warns firewall leaves open door to attackers

CERT warns firewall leaves open door to attackers
2001-07-10 08:54

http://it.mycareer.com.au/breaking/2001/07/10/FFX85T3KYOC.html Tuesday 10 July, 2001 09:46 GMT+10:00 By BARRY PARK, FAIRFAX IT A United States-based network security watchdog has warned of a security hole in firewall software that will give an attacker access to the system and could lead to a denial of service attack. An advisory from CERT overnight said Check Point VPN1 and FireWall1 Version 4.1 software contained a vulnerability that may allow an intruder to pass traffic through the firewall on port 259/UDP. The advisory said FireWall1 and VPN1 do not provide adequate security controls for RDP (reliable data protocol), a protocol designed to provide a reliable data transport service for packetbased applications such as remote loading and debugging, and supported by the firewall software. The company that discovered the security hole, Inside Security GmbH said an attacker could add a faked RDP header to normal UDP traffic, allowing any content to be passed to port 259 on any remote host on either side of the firewall. "Although the CERT/CC has not seen any incident activity related to this vulnerability, we do recommend that all affected sites upgrade their Check Point software as soon as possible," the advisory from CERT says. "If an intruder can gain control of a host inside the firewall, he may be able to use this vulnerability to tunnel arbitrary traffic across the firewall boundary. "Additionally, even if an intruder does not have control of a host inside the firewall, he may be able to use this vulnerability as a means of exploiting another vulnerability in software listening passively on the internal network," it says. CERT said an intruder may be able to use this vulnerability to launch certain kinds of denialofservice attacks. The advisory recommends that routers be configured to block access to port 259/UDP until a patch is applied from http://www.checkpoint.com/techsupport/downloads ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribe () SecurityFocus com


News URL

http://it.mycareer.com.au/breaking/2001/07/10/FFX85T3KYOC.html