| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8442850.1048766389@[10.3.62.6]> Date: Thu, 27 Mar 2003 11:59:49 +0100 From: "Dr. Peter Bieringer" <pbieringer@...asec.de> To: Maillist Bugtraq <bugtraq@...urityfocus.com>, Maillist full-disclosure <full-disclosure@...ts.netsys.com> Subject: Re: Check Point FW-1: attack against syslog daemon possible Hi again, now we are finished the investigation of FW-1 4.1 (SP6) with following result: In our lab the syslog daemon of Check Point FW-1 4.1 didn't crash in case of sending "/dev/urandom" via "nc", but this floods the log without any rate limiting. Also the syslog messages were not filtered. Note also that that improving the ruleset didn't help in cases where trusted and untrusted nodes are sharing the same network, because in UDP packets the sender IP address can be spoofed (successfully tested with "sendip" against FW-1 4.1). To avoid spoofing, only MAC based ACLs on gateways (if available) will help or establishing a dedicated (V)LAN for trusted sources only. We've updated our advisory once again: http://www.aerasec.de/security/advisories/txt/ checkpoint-fw1-ng-fp3-syslog-crash.txt http://www.aerasec.de/security/advisories/ checkpoint-fw1-ng-fp3-syslog-crash.html Hope this helps, Peter -- Dr. Peter Bieringer Phone: +49-8102-895190 AERAsec Network Services and Security GmbH Fax: +49-8102-895199 Wagenberger Straße 1 Mobile: +49-174-9015046 D-85662 Hohenbrunn E-Mail: pbieringer@...asec.de Germany Internet: http://www.aerasec.de _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists