Check Point has investigated this issue and determined that this vulnerability has already been disclosed and corrected. For further information, please refer to http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html . Note that this issue is also fixed in VPN-1/FW-1 version NG, Feature Pack 1. -SwR ------------------------ > From: Indigo <indig0@talk21.com> > Subject: Firewall-1 remote SYSTEM shell buffer overflow > Date: 28 Nov 2001 20:08:14 -0000 > To: bugtraq@securityfocus.com > > > Mailer: SecurityFocus > > As you can see I've got a few weeks free between > jobs to write some overflows! > > Here's badboy.c the overflow for Checkpoint Firewall-1 > > NB The overflow only works if you launch the attack > from a valid GUI client machine i.e. your IP address > must be present in the target firewall's > $FWDIR/conf/gui-clients file. > ---------------End of Original Message----------------- ---------------------------------------------------------------- Scott.Register@us.CheckPoint.com || FireWall-1 Product Manager Check Point Software Technologies, Inc. 2255 Glades Road / Suite 324A \ Boca Raton, FL 33431 Voice: 561.989.5418 | Fax: 561.997.5421 | 11/30/01 10:32:52 ----------------------------------------------------------------
