SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#508209

Check Point Firewall rules may improperly handle network traffic

Overview

Check Point Firewall CIFS service group may allow unintended traffic to pass through the firewall.

I. Description

Check Point Firewall contains a set of predefined service groups designed to handle different types of traffic associated with a service or collection of protocols. For instance, Check Point firewalls contain a predefined collection of rules to handle traffic associated with the Common Internet File System (CIFS), known as the CIFS service group.

A flaw in CIFS service group implementation may cause traffic not designated as part of the CIFS service group to be handled in an unintended manner. Depending on the configuration of the rules in place, the firewall may allow unintended traffic to pass through the firewall or drop legitimate traffic at the firewall.

II. Impact

Under certain configurations, arbitrary packets may pass through the firewall. This may allow access to hosts that would normally be protected behind the firewall boundary. Additionally, in other configurations, this issue may cause the firewall to deny all traffic.

III. Solution

Check Point suggests changing the name of the CIFS service group to mitigate this issue. For more detailed information on this workaround, please refer to Check Point SecureKnowledge database article SK31196.

Systems Affected

VendorStatusDate NotifiedDate Updated
Check Point Software TechnologiesVulnerable19-Sep-2005

References


http://www.securityfocus.com/bid/14781
http://www.securityfocus.com/archive/1/409877
http://secunia.com/advisories/16770
http://secureknowledge.us.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?id=sk31196
http://marc.theaimsgroup.com/?l=bugtraq&m=112611529724821&w=2

Credit

This vulnerability was publicly reported by fitz.

This document was written by Jeff Gennari.

Other Information

Date Public:2005-09-07
Date First Published:2005-09-16
Date Last Updated:2005-09-27
CERT Advisory: 
CVE-ID(s):CAN-2005-2889
NVD-ID(s):CAN-2005-2889
US-CERT Technical Alerts: 
Metric:4.39
Document Revision:68

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader