Message-ID: <8442850.1048766389@[10.3.62.6]>
From: pbieringer at aerasec.de (Dr. Peter Bieringer)
Subject: Re: Check Point FW-1: attack against syslog daemon possible

Hi again,

now we have finished the investigation of FW-1 4.1 (SP6) with the following 
result:

In our lab the syslog daemon of Check Point FW-1 4.1 didn't crash in case 
of sending "/dev/urandom" via "nc", but this floods the log without any 
rate limiting.

Also the syslog messages were not filtered.

Note also that improving the ruleset didn't help in cases where 
trusted and untrusted nodes are sharing the same network, because in UDP 
packets the sender IP address can be spoofed (successfully tested with 
"sendip" against FW-1 4.1).

To avoid spoofing, only MAC-based ACLs on gateways (if available) or 
establishing a dedicated (V)LAN for trusted sources only will help.


We've updated our advisory once again:

http://www.aerasec.de/security/advisories/txt/checkpoint-fw1-ng-fp3-syslog-crash.txt
http://www.aerasec.de/security/advisories/checkpoint-fw1-ng-fp3-syslog-crash.html


Hope this helps,
	Peter
-- 
Dr. Peter Bieringer                             Phone: +49-8102-895190
AERAsec Network Services and Security GmbH        Fax: +49-8102-895199
Wagenberger Straße 1                           Mobile: +49-174-9015046
D-85662 Hohenbrunn                       E-Mail: pbieringer@...asec.de
Germany                                Internet: http://www.aerasec.de
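
Added example (not part of the original message or the AERAsec advisory): a receiver-side sketch of the two controls the message reports as missing, input filtering and rate limiting of syslog datagrams. The function names, the 1024-byte cap and the rate/burst values are assumptions chosen for illustration; the limiter is global rather than per source because, as noted above, the UDP sender address can be spoofed.

```python
import re

# Syslog PRI header "<N>": facility*8 + severity, so N is at most 191.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def is_plausible_syslog(datagram: bytes, max_len: int = 1024) -> bool:
    """Reject datagrams that do not look like syslog text (e.g. random bytes)."""
    if len(datagram) > max_len:
        return False
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return False
    body = datagram[m.end():].rstrip(b"\r\n\x00")
    return all(32 <= b < 127 or b == 9 for b in body)  # printable ASCII or tab

class TokenBucket:
    """Global limiter; the spoofable source address is deliberately not a key."""
    def __init__(self, rate: float, burst: int, now: float = 0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True

def process(datagrams, rate=5.0, burst=10):
    """datagrams: list of (timestamp_seconds, bytes). Returns per-outcome counters."""
    bucket = TokenBucket(rate, burst, now=datagrams[0][0] if datagrams else 0.0)
    stats = {"accepted": 0, "malformed": 0, "rate_limited": 0}
    for ts, data in datagrams:
        if not is_plausible_syslog(data):
            stats["malformed"] += 1       # dropped before it reaches the log
        elif not bucket.allow(ts):
            stats["rate_limited"] += 1    # well-formed, but over the budget
        else:
            stats["accepted"] += 1
    return stats

# Constructed sample: two valid lines, one binary blob, then 30 lines at once.
SAMPLE = [(0.0, b"<34>Mar 27 12:00:00 gw sshd: test message"),
          (0.1, b"\x8f\x02\xfe<13>\x00\x91random"),
          (0.2, b"<13>Mar 27 12:00:01 host app: ok")]
SAMPLE += [(1.0, b"<13>Mar 27 12:00:02 host app: burst %d" % i) for i in range(30)]

if __name__ == "__main__":
    print(process(SAMPLE))
```

A global budget keeps the log from filling but also drops legitimate messages during a flood, which is why the message recommends a dedicated (V)LAN or MAC-based ACLs for trusted sources.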

