Vulnerability Note VU#35958
IP Fragmentation Denial-of-Service Vulnerability in FireWall-1
A large stream of IP traffic can monopolize the CPU of a Check Point FireWall-1 firewall, resulting in a denial-of-service condition.
A denial-of-service vulnerability has been discovered in the FireWall-1 product from Check Point Software Technologies. Check Point has tested versions 4.0 and 4.1 of the product and has confirmed that both are affected. Check Point reports that earlier versions have been designated "End of Life" and are no longer supported. Thus, versions earlier than 4.0 have not been tested.
An attacker who exploits this vulnerability can monopolize the CPU of a FireWall-1 firewall, rendering it incapable of processing any incoming or outgoing traffic. Attackers are not able to pass packets or fragments that would be filtered out under normal circumstances, nor are they able to gain privileged access to the firewall or its host system.
"Check Point is in the process of building new kernel binaries that will modify the mechanism by which fragment events are written to the host system console, as well as providing configurable options as to how often to log. In addition and independent of the console message writing, with the new binaries FireWall-1 administrators will be able use the Check Point log file method for reporting fragmentation events. These binaries will be released shortly in Service Pack 2 of FireWall-1 version 4.1, for 4.1 users, and as a Service Pack 6 Hot Fix for FireWall-1 version 4.0 users."
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Check Point||Affected||-||11 Jan 2001|
CVSS Metrics (Learn More)
This vulnerability was discovered by Lance Spitzner <email@example.com> and was reported to the Bugtraq mailing list on June 5, 2000.
This document was written by Jeffrey P. Lanza.
- CVE IDs: CVE-2000-0482
- Date Public: 05 Jun 2000
- Date First Published: 26 Sep 2000
- Date Last Updated: 05 Apr 2001
- Severity Metric: 11.77
- Document Revision: 6
If you have feedback, comments, or additional information about this vulnerability, please send us email.