<<< Date Index >>>     <<< Thread Index >>>

Re: Two checkpoint fw-1/vpn-1 vulns



On Thu, 2004-02-05 at 17:22, Bjørnar Bjørgum Larsen wrote:
> see

> http://xforce.iss.net/xforce/alerts/id/162
> 

It is in fact a bit confusing, as ISS states that any FW-1 AI
installation is vulnerable, as soon as AI is enabled (which it is by
default), while Checkpoint claims that only systems with the HTTP
security servers enabled (which you have to do explicitly) are
vulnerable.

Does anybody have any reliable information about that?
Does anybody know how a possible attack could work or even have a hint
how to craft a snort signature? (Please excuse the irony snort::ISS, it
is not intended)

rgds /markus

--
Markus Wernig
UNIX/Network and Security Engineer
 
-> GPG: markus.wernig.net/pubkey
-> Linux User Group Bern: www.lugbe.ch
-> Freie Software f. die Schweiz: wilhelmtux.ch