Recent Vulnerabilities

Many companies rely upon static defenses like firewalls, IDS systems, and routers to protect their assets instead of adopting OODA and deception strategies. These defensive measures are often rendered ineffective because of the vulnerabilities they contain. The vulnerabilities shown below are being listed to illustrate the danger of depending upon static defenses to protect your business.
Date:
November 14, 2001

Product:
Cisco 12000 Series Routers

Problem:
The performance of Cisco 12000 series routers can be degraded when they have to send a large number of ICMP Unreachable packets. This situation usually occurs during heavy network scanning. The vulnerability is present in the underlying technology an individual line card is based upon, the Engine.

Impact:
When a high volume of traffic that requires ICMP Unreachable replies is sent to the router, processing the replies can saturate the CPU. Exploitation of this vulnerability may lead to Denial-of-Service. The router's performance will degrade and, in the worst-case scenario, the router will stop forwarding packets.

Date:
November 14, 2001

Product:
Cisco 12000 Series Routers

Problem:
The ACL will not block non-initial fragments of a packet. This Cisco bug ID adds support for the "fragment" keyword in the ACL. The White Paper "Access Control Lists and IP Fragments" describes how the fragment keyword modifies the behavior of an ACL.

Impact:
The router will not block all traffic. By sending offending traffic in packet fragments it is possible to circumvent the protection offered by the ACL and cause Denial-of-Service for the protected IP address.

Date:
November 14, 2001

Product:
Cisco 12000 Series Routers

Problem:
The keyword "fragment" in the compiled ACL (Turbo ACL) is ignored if a packet is destined to the router itself.

Impact:
It is possible to cause Denial-of-Service on the router itself if a sufficient amount of traffic is sent to the router. This offending traffic must be sent as packet fragments.

Date:
November 14, 2001

Product:
Cisco 12000 Series Routers

Problem:
The implicit "deny ip any any" rule at the end of an ACL is ignored if an ACL of exactly 448 entries is applied on an interface as an outgoing ACL. An ACL with any other number of rules, greater or less than 448, is unaffected by this vulnerability.

Impact:
If an outgoing ACL contains exactly 448 entries and the explicit rule "deny ip any any" is not present as the last statement, the ACL will fail to drop packets. Our tests show that only 50% of packets are dropped. This may allow some undesired traffic to pass into the protected network, thus violating security policy.

Date:
November 14, 2001

Product:
Cisco 12000 Series Routers

Problem:
Support for the "fragment" keyword in an outgoing ACL has been added. Previously, only an incoming ACL supported this keyword; an outgoing ACL ignored it.

Impact:
Fragmented packets may be allowed into the protected network if the keyword "fragment" was applied to an outgoing ACL.

Date:
November 14, 2001

Product:
Cisco 12000 Series Routers

Problem:
An outbound Access Control List (ACL) may not block all intended traffic on a router when an input ACL is configured on some, but not all, interfaces of a multi-port Engine 2 line card. The prerequisite is that the traffic in question was not filtered by an inbound ACL on the ingress port. An ACL applied at the ingress point will work as expected and block the desired traffic.

Impact:
This vulnerability can cause unwanted traffic to be allowed in and out of the protected network. The security based on an ACL will be breached completely.

Date:
November 14, 2001

Product:
Cisco 12000 Series Routers

Problem:
Packet fragments are not filtered by the ACL despite using "fragment" keyword.

Impact:
This vulnerability can be exploited to attack systems that are supposed to be protected by the ACL on the router.

Date:
November 5, 2001

Product:
Cisco Routers or Switches running certain versions of IOS or CatOS

Problem:
It is possible to send an Address Resolution Protocol (ARP) packet on a local broadcast interface (for example: Ethernet, cable, Token Ring, FDDI) which could cause a router or switch running specific releases of Cisco IOS Software or CatOS to stop sending and receiving ARP packets on the local router interface. This will in a short time cause the router and local hosts to be unable to send packets to each other. ARP packets received by the router for the router's own interface address but with a different Media Access Control (MAC) address will overwrite the router's MAC address in the ARP table with the one from the received ARP packet. This was demonstrated to attendees of the Black Hat conference and should be considered to be public knowledge. This attack is only successful against devices on the segment local to the attacker or attacking host.

Impact:
This issue can cause a Cisco Router to be vulnerable to a Denial-of-Service attack, once the ARP table entries time out. This defect does not result in a failure of confidentiality of information stored on the unit, nor does this defect allow hostile code to be loaded onto a Cisco device. This defect may cause a denial of service on the management functions of a Cisco Switch, but does not affect traffic through the device.

Date:
November 5, 2001

Product:
Symantec Raptor Firewall

Problem:
When the firewall is sent a zero-length UDP packet, CPU utilization rises to 100%.

Impact:
A remote user can cause denial-of-service to users inside the firewall. Due to the nature of UDP, the source host IP address may be spoofed, making it difficult to track the attacker. The firewall must be rebooted before normal operation may be resumed.

Date:
October 11, 2001

Product:
Cisco Secure PIX Firewall Manager

Problem:
After the Cisco Secure PIX Firewall Manager creates a connection to the firewall being managed, the administrative password is stored in unencrypted form on the management workstation.

Impact:
A malicious user could obtain and use this password to connect to the firewall and make configuration changes, denying service to legitimate users.

Date:
September 26, 2001

Product:
Cisco PIX Firewall versions 4.4(7.202), 4.4(4), 5.1(4.206), 5.2(3.210), and 6.0(1)

Problem:
The Cisco PIX can perform application-level filtering of SMTP traffic. These filters are normally used to prevent people from outside your organization from connecting to a mail server behind the firewall and using commands like EXPN or VRFY. In 2000, Cisco released patches for a flaw that would allow people to enter commands in the wrong order, thus bypassing this filter. Recent versions of the PIX firmware have reintroduced this vulnerability.

Impact:
Attackers can gather information about valid usernames for the people in your organization, thus increasing the likelihood of success in a password guessing attack.

Date:
September 18, 2001

Product:
ZyXel Prestige 642R Router

Problem:
This router contains filters intended to allow only specific internal hosts to administer it. By connecting to the external interface, an unauthorized internal machine can use the administrative features on the router.

Impact:
Hostile internal users can cut off your company's connectivity to the Internet and your customers.

Date:
September 12, 2001

Product:
Cisco iCDN 2.0

Problem:
This product contains the RSA Security BSAFE SSL-J SDK. Under some conditions that software written with this development kit can experience during a failed SSL handshake, a session key is cached and reused.

Impact:
Anyone who can use this session key can establish an authenticated session and administer the box.

Date:
September 8, 2001

Product:
Check Point Software Firewall-1 (3.0-4.1SP2)

Problem:
Log Viewer will overwrite files ending in the .log extension, and will follow symbolic links to corrupt root-owned files.

Impact:
Users with administrative access to Firewall-1 and local shell access can deny service to legitimate users of the system.

Date:
September 5, 2001

Product:
ISS RealSecure IDS 5.0-6.0, Dragon 3.0, snort 1.5-1.8, Cisco Catalyst 6000 IDS Module, Cisco Secure IDS Host Sensor 2.0, Cisco Secure IDS Network Sensor 2.0

Problem:
Microsoft's IIS Web server responds to requests that use a non-standard Unicode encoding created by Microsoft. This technique can bypass the checks made by content inspection and Intrusion Detection Systems.

Impact:
This weakness could allow attackers to modify your Microsoft Web server without being detected by your IDS.

Date:
September 4, 2001

Product:
McAfee WebShield for Solaris 4.0, Network Associates Gauntlet Firewall for Unix (5.0-6.0)

Problem:
A boundary condition error in the smap/smapd and CSMAPD daemons can be used to cause arbitrary code/commands to be executed on a vulnerable system with the privileges of the attacked daemon.

Impact:
Attackers can take control of your mail gateway, cutting off e-mail communication with your customers.

Date:
July 27, 2001

Product:
Cisco IOS 12.X

Problem:
A potential denial of service condition may exist in Cisco's IOS firmware. The problem reportedly occurs when a large number of UDP packets are sent to a device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful.

Impact:
This weakness could be used to cut off your company's access to customers, business partners or the Internet.

Date:
July 18, 2001

Product:
Check Point Software Firewall-1 4.0 & Firewall-1 4.1 (SP1, SP2, SP3 & SP4)

Problem:
The SecureRemote VPN server software will send network topology information to SecureRemote client connections before it asks them to authenticate.

Impact:
Attackers can use this capability to gain information about your network as they prepare for an attack.

Date:
July 12, 2001

Product:
Cisco IOS 12.1X & 12.2X

Problem:
Malformed PPTP packets sent to port 1723 can crash a Cisco router.

Impact:
This weakness can be used as a Denial of Service attack that will cut your company's access to customers, business partners or the Internet.

Date:
July 12, 2001

Product:
Check Point Software Firewall-1 4.1 (SP1, SP2, & SP3), Check Point Software Provider-1 4.1 (SP1, SP2 & SP3), Check Point Software VPN-1 4.1SP3 (Base release, SP1 & SP3), Nokia IPSO 3.3 (Base release, SP1, SP2 & SP3)

Problem:
Firewall-1/VPN-1 management station passes client-supplied data to a printf* function as a format string argument. This vulnerability can allow an authenticated client who is connected from an authorized IP address to elevate their privileges.

Impact:
Administrators with limited privileges (such as read-only) may be able to exploit this vulnerability to gain total control of the management station.

Date:
July 11, 2001

Product:
Check Point Software's Firewall-1 (4.1-4.1SP3), Provider-1 (4.1-4.2SP3), and VPN-1 (4.1-4.1SP3)

Problem:
The VPN management station contains a format string vulnerability that can only be exploited by a client that is authenticated as an administrator and connected from an authorized IP address.

Impact:
Administrators with limited privileges (such as read-only) may be able to exploit this vulnerability to gain control over the management station.

Date:
July 11, 2001

Product:
Cisco SN 5420 Storage Router

Problem:
You can reboot the router by rapidly establishing multiple connections to TCP port 8023.

Impact:
The router is vulnerable to a denial of service attack that could cut your company's access to customers, business partners or the Internet.

Date:
July 11, 2001

Product:
Cisco SN 5420 Storage Router

Problem:
Unauthorized users can log into the router as a developer without being prompted for a password.

Impact:
Users can execute debug commands, start and stop processes, and interfere with normal process execution. Users who log in in this manner, and all commands they execute, are not logged or shown by the router's standard logging mechanisms.

Date:
June 27, 2001

Product:
Cisco PIX firewall and 6000 Series (a.k.a. 'Catalyst') Switches

Problem:
Cisco products that use SSH (the PIX firewall and the Catalyst-series switch) are vulnerable to attacks on SSH 1.5.

Impact:
Unauthorized users can insert commands into established SSH sessions, reconfiguring your network devices. This ability could be used to cut your business off from your customers and the Internet.

Date:
June 27, 2001

Product:
Virtually all mainstream Cisco routers and switches running Cisco IOS are affected by this vulnerability

Problem:
When the HTTP server is enabled and local authorization is used, it is possible, under some circumstances, to bypass the authentication and execute any command on the device. In that case, the user will be able to exercise complete control over the device. All commands will be executed with the highest privilege (level 15).

Impact:
Unauthorized users could take control of your switches and routers, cutting your business off from customers and the Internet.

Date:
June 8, 2001

Product:
WatchGuard Firebox 2500 (4.5 & 4.6) and Firebox 4500 (4.5 & 4.6)

Problem:
These firewalls contain SMTP scanning capabilities, but these scans can be bypassed if the boundary name in the mail is appended with two dashes.

Impact:
Attackers can use this ability to send malware like hostile VBS scripts into your company, even if your firewall is configured to block this traffic.

Date:
May 31, 2001

Product:
Cisco CSS 11000 Series (a.k.a. 'Arrowpoint') Switches

Problem:
A user can gain access to the web management interface without being authenticated on the CSS 11000 series switch.

Impact:
Unauthorized users could modify the configuration of your switch.

Date:
May 24, 2001

Product:
All Cisco products running IOS 12.1(1.3)T

Problem:
TCP security scans can cause reboots of many types of Cisco switches and routers.

Impact:
Attackers could cause your router to constantly reboot, cutting your company off from the Internet or your customers.

Date:
May 23, 2001

Product:
Cisco 600 series routers

Problem:
Cisco CBOS Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers. This flaw could be used to hijack a connection being used to administer the router.

Impact:
Attackers could modify a company's router, cutting them off from the Internet or their customers.

Date:
May 23, 2001

Product:
Cisco 600 series routers

Problem:
Cisco CBOS Software contains a flaw in the handling of ICMP ECHO REQUEST packets (ping) with the IP Record Route option set. It is possible to freeze a Cisco 600 router by sending these packets.

Impact:
Attackers can cause a Denial of Service on your router, cutting your company off from the Internet or your customers.

Date:
May 23, 2001

Product:
Cisco 600 series routers

Problem:
The exec and enable passwords are stored in cleartext in NVRAM. Similarly, they are also stored in cleartext in the configuration file if one is stored on a computer. Anyone who is in a position to see a router's configuration, either directly from the device or in the file on a computer, can learn the passwords.

Impact:
Non-privileged users might be able to learn passwords needed to reconfigure your router.

Date:
May 15, 2001

Product:
Cisco Content Service Switch (CSS) 11000 series

Problem:
A non-privileged user (a user account without administrative privileges) can open an FTP connection to a CSS 11000 series switch and use the GET and PUT FTP commands, with no user-level restrictions enforced. This will allow them to read the configuration files for the switch.

Impact:
Potential attackers can gather information about your internal network that might help them with an intrusion.

Date:
May 10, 2001

Product:
Cisco BGP4 implementation

Problem:
BGP4 Prefix Filtering with Inbound Route Maps is vulnerable to memory corruption. Attackers can create Border Gateway Protocol UPDATE messages containing invalid Network Layer Reachability Information (NLRI) that will cause network outages.

Impact:
Attackers can cut off your access to business partners and the Internet.

Date:
May 5, 2001

Product:
Cisco HSRP RFC2281

Problem:
Cisco's Hot Standby Router Protocol is supposed to provide redundancy and failover capabilities. Attackers can send HSRP messages that route all traffic to a specific host. This can prevent any traffic from entering or leaving a network.

Impact:
Attackers can cut off your access to business partners and the Internet.

Date:
April 16, 2001

Product:
Cisco Catalyst Switches (5000 and 2900 series)

Problem:
If the spanning tree protocol is blocked in your switch configuration, remote users can create 802.1x frame storms on the segment using the Catalyst.

Impact:
Attackers can deny Internet and LAN connectivity to your wireless users.

Date:
April 12, 2001

Product:
Cisco VPN Concentrator 2.5.2 (A-D & F)

Problem:
Attackers can send specially crafted packets to crash the concentrator.

Impact:
Attackers can deny service to legitimate users until the unit is power-cycled.

Date:
April 06, 2001

Product:
PIX Firewall version 5.1.4

Problem:
Attackers can send multiple authentication requests to a PIX firewall, causing it to crash.

Impact:
Attackers can deny service to legitimate users until the unit is power-cycled.

Date:
April 04, 2001

Product:
Cisco WebNS (4.0 & 4.0.1)

Problem:
A flaw in the most recent versions of the Cisco WebNS software allows ordinary users of the switch to elevate their privileges.

Impact:
Ordinary users can reconfigure the switch.

Date:
March 24, 2001

Product:
Axent's Raptor Firewall (6.5)

Problem:
The exterior interface of the firewall can be used as an HTTP proxy server to connect to internal machines on TCP ports 79-99 and 200-65535.

Impact:
Attackers can use this method to connect to your internal HTTP proxy and use it to view the corporate intranet, thus learning internal company secrets.

Date:
March 07, 2001

Product:
Cisco Aironet Firmware (7.0.x, 8.07, 8.24)

Problem:
The web interface used for remote administration allows remote users to reconfigure the switch, even when that functionality has been turned off.

Impact:
Attackers can view and alter the configuration of the switch, cutting businesses off from their customers.

Date:
January 17, 2001

Product:
Check Point Software Firewall-1 4.1 (no service pack, SP2, SP3)

Problem:
Internal attackers can send a large number of false IP addresses to the internal interface of the firewall. Doing so overwhelms the licensing module, and makes it impossible to log into the console during an attack.

Impact:
Attackers can interfere with your response team's information gathering during an attack.

Date:
December 14, 2000

Product:
Check Point Software Firewall-1 4.1 SP2

Problem:
The Fast Mode option used to increase performance on the firewall allows external attackers to access blocked services on the host that is supposed to be protected by the firewall.

Impact:
Attackers can bypass your firewall.

Date:
November 1, 2000

Product:
Check Point Software Firewall-1 (4.0 & 3.0)

Problem:
Error messages from the authentication module reveal whether or not a username is valid. Attackers can use this information to help them log into the firewall.

Impact:
Attackers who log into your firewall can disable it.

Date:
August 22, 2000

Product:
ISS's Real Secure IDS (3.2.x)

Problem:
Intruders can turn off your intrusion detection system before an attack by sending a stream of fragmented SYN packets.

Impact:
Businesses will not be notified when an attacker enters their network.

Date:
August 15, 2000

Product:
Check Point Software Firewall-1 (3.0, 4.0, 4.1)

Problem:
The Session Agent is vulnerable to dictionary attacks that determine valid usernames and passwords.

Impact:
Attackers can access resources and services that are protected by the firewall.

Date:
August 2, 2000

Product:
Check Point Software Firewall-1 (3.0, 4.0, 4.1)

Problem:
In some configurations, the connection table can be modified by sending a specially formatted RSH/REXEC connection request from an external RSH/REXEC server to an internal (protected) RSH/REXEC client.

Impact:
If the rsh/rexec stderr port is permitted, attackers can establish back-connections through the firewall.

Date:
July 5, 2000

Product:
Check Point Software Firewall-1 (3.0, 4.0, 4.1)

Problem:
The firewall will crash if it receives a number of spoofed UDP packets with the same source and destination.

Impact:
An attacker can shut down your firewall, cutting you off from the Internet and your customers.

Date:
June 30, 2000

Product:
Check Point Software Firewall-1 (4.0, 4.1)

Problem:
The firewall's mail services will stop functioning if an attacker sends it a string of invalid SMTP commands.

Impact:
Attackers can prevent your company from sending or receiving e-mail.

Date:
June 6, 2000

Product:
Check Point Software Firewall-1 (4.0, 4.1)

Problem:
Improperly fragmented packets will cause a denial of service as the firewall attempts packet reassembly.

Impact:
An attacker can shut down your firewall, cutting you off from the Internet and your customers.

Date:
May 18, 2000

Product:
Axent's NetProwler IDS (3.0)

Problem:
Intruders can use a single packet to turn off your intrusion detection system before they attack.

Impact:
Businesses will not be notified when an attacker enters their network.

Date:
May 17, 2000

Product:
NetworkICE's ICECap Manager (versions 2.0.23 and previous)

Problem:
The ICECap manager contains a default username of ICEMAN without a password. If this has not been changed, an internal attacker can connect to the ICECap and use it to disable all the IDS boxes within your enterprise.

Impact:
Internal attackers can shut down IDS systems before launching their attack.

Date:
March 11, 2000

Product:
Check Point Software Firewall-1 (3.0, 4.0, 4.1)

Problem:
Firewall-1 can expose your private IP addresses to attackers.

Impact:
Private IP addresses are useful in learning which machines to attack after breaching the firewall.

Date:
March 10, 2000

Product:
Check Point Software Firewall-1 (3.0, 4.0)

Problem:
Attackers can use HTML-enabled email to exploit the FTP PASV ALG vulnerability and connect to machines behind the firewall.

Impact:
Attackers can bypass your firewall.

Date:
March 10, 2000

Product:
Cisco Pix (4.1.6-5.1)

Problem:
Attackers can use HTML-enabled email to exploit the FTP PASV ALG vulnerability and connect to machines behind the firewall.

Impact:
Attackers can bypass your firewall.

Date:
March 1, 2000

Product:
ISS's Real Secure IDS

Problem:
Attackers can alter the ID field in common DoS attacks.

Impact:
Businesses will not be notified when an attacker enters their network.

Date:
March 1, 2000

Product:
ISS's Real Secure IDS

Problem:
Attackers can modify the signature of their CGI attacks, thus avoiding detection.

Impact:
Businesses will not be notified when their web server is attacked.

Date:
February 25, 2000

Product:
Nortel/Bay Networks Nautica Marlin router

Problem:
Attackers can crash the router by sending a 0 byte UDP packet to the SNMP port (161).

Impact:
Businesses can be cut off from their customers.

Date:
February 9, 2000

Product:
Check Point Software Firewall-1 (3.0, 4.0)

Problem:
If you allow access to a public FTP server that is behind the firewall, attackers can connect to and use other services on that machine.

Impact:
Attackers can launch attacks on FTP servers through the firewall.

Date:
February 9, 2000

Product:
Cisco PIX (4.1.6-5.0)

Problem:
If you allow access to a public FTP server that is behind the firewall, attackers can connect to and use other services on that machine.

Impact:
Attackers can launch attacks on FTP servers through the firewall.

Date:
January 29, 2000

Product:
Check Point Software Firewall-1 (3.0)

Problem:
Specially crafted hostile scripting can bypass the script-altering features in Firewall-1.

Impact:
Hostile scripting in HTML can be used to remotely compromise your client computer.

Date:
January 18, 2000

Product:
Nortel Connectivity extranet switch

Problem:
These switches can be managed via a web browser. The cgiproc CGI that is part of this management system can be used to view any of the configuration files or crash the switch.

Impact:
Hostile employees can cut a business off from their customers.

Date:
October 21, 1999

Product:
Axent's Raptor Firewall

Problem:
Attackers can crash the firewall by sending a TCP packet with the SECURITY and TIMESTAMP IP option lengths set to 0.

Impact:
Businesses can be cut off from their customers.

Date:
October 20, 1999

Product:
Check Point Software Firewall-1 (4.0)

Problem:
A flaw in Firewall-1's LDAP authentication code can allow attackers to access protected resources behind the firewall.

Impact:
Attackers can remotely access protected internal machines that are behind your firewall.

Date:
August 9, 1999

Product:
Check Point Software Firewall-1 (3.0, 4.0)

Problem:
UDP packets passing through a Firewall-1 VPN to port 0 can cause a reboot.

Impact:
Attackers can shut down your firewall, cutting your company off from the Internet and your customers.

Date:
August 4, 1999

Product:
Dragon IDS

Problem:
Web users can run arbitrary commands on the box remotely.

Impact:
Attackers can disable the IDS, or even give themselves the ability to log into it remotely and use it as a platform to launch attacks.

Date:
July 29, 1999

Product:
Check Point Software Firewall-1 (3.0, 4.0)

Problem:
Aiming a port scanner at non-existent machines behind the firewall can fill the connection table on Firewall-1, thus shutting down the firewall.

Impact:
Attackers can cut your company off from the Internet and your customers.

© Copyright 2001  sNET Systems Corporation.  All rights reserved  |  Site designed by: Jesi Forte