| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030324012536.13469.qmail@www.securityfocus.com>
Date: 24 Mar 2003 01:25:36 -0000
From: Rizan Sheikh Mohd <sheikhrizan@...ketmail.com>
To: bugtraq@...urityfocus.com
Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog
daemon possible
In-Reply-To: <1779CE9992706F45BDC9575124A5AAE50122188A@...01-xpo0114-s.hodc.ad.allstate.com>
Not exactly cause I have CPK FW-1 NG FP2 Build 52163. The logging server &
management are separated. It seems that syslog is running on port 514udp:
$ ps -aef | grep syslog
root 7239 7231 0 Mar23 ? 00:00:01 syslog 514 all
Maybe the wording Checkpoint used on their web site.
"Prior to the release of NG FP3 HF2......." really does include ALL
releases before FP3
Rizan
>Received: (qmail 16221 invoked from network); 21 Mar 2003 23:10:48 -0000
>Received: from outgoing2.securityfocus.com (HELO
outgoing.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 21 Mar 2003 23:10:48 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
> by outgoing.securityfocus.com (Postfix) with QMQP
> id 337008F31B; Fri, 21 Mar 2003 16:10:34 -0700 (MST)
>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@...urityfocus.com>
>List-Help: <mailto:bugtraq-help@...urityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>
>Delivered-To: mailing list bugtraq@...urityfocus.com
>Delivered-To: moderator for bugtraq@...urityfocus.com
>Received: (qmail 1533 invoked from network); 21 Mar 2003 18:47:50 -0000
>Message-ID: <1779CE9992706F45BDC9575124A5AAE50122188A@...01-xpo0114-
s.hodc.ad.allstate.com>
>From: "Hines, Eric" <ehin4@...state.com>
>To: dchesterfield@...kofny.com
>Subject: RE: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog
> daemon possible
>Date: Fri, 21 Mar 2003 12:59:20 -0600
>MIME-Version: 1.0
>X-Mailer: Internet Mail Service (5.5.2653.19)
>content-class: urn:content-classes:message
>Content-Type: text/plain;
> charset="iso-8859-1"
>
>Alright. I was just concerned because of the wording Checkpoint used on
>their web site.
>"Prior to the release of NG FP3 HF2......."
>
>I'm going to assume they were referring to the HF2 portion of that, and
not
>< FP3
>
>
>Eric Hines
>
>
>
>-----Original Message-----
>From: dchesterfield@...kofny.com [mailto:dchesterfield@...kofny.com]
>Sent: Friday, March 21, 2003 12:53 PM
>To: Hines, Eric
>Cc: Maillist Bugtraq; Dr. Peter Bieringer
>Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against
>syslog daemon possible
>
>
>
>The daemon was apparently only introduced since FP3
>
>
>
>
>
> "Hines, Eric"
>
> <ehin4@...state.c To: "Dr. Peter
>Bieringer" <pbieringer@...asec.de>, Maillist Bugtraq
> om>
<bugtraq@...urityfocus.com>
>
> cc:
>
> 21/03/2003 06:31 Subject: Re: Check Point
>FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon
> pm possible
>
>
>
>
>
>
>
>Has anyone tested these vulnerabilities on NG FP1 or are they strictly
>related to FP3?
>
>Eric Hines
>
>
>
>
>-----Original Message-----
>From: Dr. Peter Bieringer [mailto:pbieringer@...asec.de]
>Sent: Friday, March 21, 2003 6:47 AM
>To: Maillist Bugtraq; Maillist full-disclosure
>Subject: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog
>daemon possible
>
>
>Hi all,
>
>interesting for all Check Point FW-1 NG users which have enabled the
>since
>FP3 included syslog daemon.
>
>
>
>
>
Powered by blists - more mailing lists