Vulnerability Note VU#790771
HTTP Parsing Vulnerabilities in Check Point Firewall-1
Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges.
The HTTP Security Servers component of Check Point Firewall-1 contains an HTTP parsing vulnerability that is triggered by sending an invalid HTTP request through the firewall. When Firewall-1 generates an error message in response to the invalid request, a portion of the input supplied by the attacker is included in the format string for a call to sprintf().
Researchers at Internet Security Systems have determined that it is possible to exploit this format string vulnerability to execute commands on the firewall. The researchers have also determined that this vulnerability can be exploited as a heap overflow, which would allow an attacker to execute arbitrary code. In either case, the commands or code executed by the attacker would run with administrative privileges, typically "SYSTEM" or "root". For more information, please see the ISS advisory.
This vulnerability allows remote attackers to execute arbitrary code on affected firewalls with administrative privileges, typically "SYSTEM" or "root".
Apply the patch from Check Point
Disable the affected components
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Check Point||Affected||02 Feb 2004||06 Feb 2004|
CVSS Metrics (Learn More)
This vulnerability was discovered and researched by Mark Dowd of ISS X-Force.
This document was written by Jeffrey P. Lanza.
- CVE IDs: CAN-2004-0039
- Date Public: 04 Feb 2004
- Date First Published: 05 Feb 2004
- Date Last Updated: 23 Apr 2004
- Severity Metric: 17.10
- Document Revision: 30
If you have feedback, comments, or additional information about this vulnerability, please send us email.