Overview
Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259.
Description
Firewall-1 and VPN-1 include support for RDP, but do not provide adequate security controls for RDP data. By adding a faked RDP header to typical UDP traffic, any content can be passed to port 259 on any host on either side of the device. |
Impact
An attacker who exploits this vulnerability can build a tunnel to bypass the firewall and pass traffic to and from arbitrary hosts on either side of the firewall on port 259. |
Solution
Apply patch from vendor. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A |
References
Credit
The vulnerability was discovered by Jochen Bauer <jtb@inside-security.de> and Boris Wesslowski <bw@inside-security.de> of Inside Security GmbH Stuttgart, Germany.
Other Information
CVE IDs: | CVE-2001-1158 |
CERT Advisory: | CA-2001-17 |
Severity Metric: | 51.30 |
Date Public: | 2001-07-09 |
Date First Published: | 2001-07-09 |
Date Last Updated: | 2003-04-09 19:26 UTC |
Document Revision: | 57 |