Check Point Patches Severe FireWall-1 Flaws

The vulnerabilities enable attackers to execute commands on the vulnerable server.

Check Point Software Technologies Ltd. on Wednesday released a fix for a set of severe security vulnerabilities in its FireWall-1 product that enable attackers to execute commands on the vulnerable server.

The problems are a group of format string flaws that appears when FireWall-1 attempts to validate HTTP requests, according to analysts at Internet Security Systems Inc., which discovered the flaws. Error messages created when an invalid portion of a request is specified allow attackers to provide their own format string specifiers. This in turn can lead to corruption of memory and give attackers the ability to run their own code on the server with super-user privileges.

FireWall-1 is among the more widely deployed enterprise firewalls on the Internet.

Although ISS officials said exploiting the vulnerabilities is difficult on some platforms, the company has developed an exploit that works reliably. And, even failed attacks can interrupt all of the current HTTP sessions on the FireWall-1 server.

The vulnerability affects FireWall-1 NG with Application Intelligence, FireWall-1 4.1 and FireWall-1 HTTP Security Server, which is included with NG FP1, 2 and 3.

ISS also found a vulnerability in an old version of Check Points VPN-1 product, which the company no longer supports. Check Point, based in Ramat Gan, Israel, does not plan to release a patch for this issue.


Check out eWEEK.coms Security Center at for security news, views and analysis.