In-Reply-To: <1779CE9992706F45BDC9575124A5AAE50122188A@a0001-xpo0114-s.hodc.ad.allstate.com>

Not exactly cause I have CPK FW-1 NG FP2 Build 52163. The logging server & management are separated. It seems that syslog is running on port 514udp:

$ ps -aef | grep syslog
root 7239 7231 0 Mar23 ? 00:00:01 syslog 514 all

Maybe the wording Checkpoint used on their web site. "Prior to the release of NG FP3 HF2......." really does include ALL releases before FP3

Rizan

>Received: (qmail 16221 invoked from network); 21 Mar 2003 23:10:48 -0000
>Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 21 Mar 2003 23:10:48 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
> by outgoing.securityfocus.com (Postfix) with QMQP
> id 337008F31B; Fri, 21 Mar 2003 16:10:34 -0700 (MST)
>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@securityfocus.com>
>List-Help: <mailto:bugtraq-help@securityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
>Delivered-To: mailing list bugtraq@securityfocus.com
>Delivered-To: moderator for bugtraq@securityfocus.com
>Received: (qmail 1533 invoked from network); 21 Mar 2003 18:47:50 -0000
>Message-ID: <1779CE9992706F45BDC9575124A5AAE50122188A@a0001-xpo0114-s.hodc.ad.allstate.com>
>From: "Hines, Eric" <ehin4@allstate.com>
>To: dchesterfield@bankofny.com
>Subject: RE: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog
> daemon possible
>Date: Fri, 21 Mar 2003 12:59:20 -0600
>MIME-Version: 1.0
>X-Mailer: Internet Mail Service (5.5.2653.19)
>content-class: urn:content-classes:message
>Content-Type: text/plain;
> charset="iso-8859-1"
>
>Alright. I was just concerned because of the wording Checkpoint used on their web site.
>"Prior to the release of NG FP3 HF2......."
>
>I'm going to assume they were referring to the HF2 portion of that, and not < FP3
>
>Eric Hines
>
>-----Original Message-----
>From: dchesterfield@bankofny.com [mailto:dchesterfield@bankofny.com]
>Sent: Friday, March 21, 2003 12:53 PM
>To: Hines, Eric
>Cc: Maillist Bugtraq; Dr. Peter Bieringer
>Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
>
>The daemon was apparently only introduced since FP3
>
>"Hines, Eric" <ehin4@allstate.com>
>21/03/2003 06:31 pm
>
>To: "Dr. Peter Bieringer" <pbieringer@aerasec.de>, Maillist Bugtraq <bugtraq@securityfocus.com>
>cc:
>Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
>
>Has anyone tested these vulnerabilities on NG FP1 or are they strictly related to FP3?
>
>Eric Hines
>
>-----Original Message-----
>From: Dr. Peter Bieringer [mailto:pbieringer@aerasec.de]
>Sent: Friday, March 21, 2003 6:47 AM
>To: Maillist Bugtraq; Maillist full-disclosure
>Subject: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
>
>Hi all,
>
>interesting for all Check Point FW-1 NG users which have enabled the since FP3 included syslog daemon.