Published: 2000-06-30 00:00:00
Revised: 2008-09-10 15:05:06

[Original] Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.

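[CNNVD] Check Point Firewall-1 SMTP Resource Consumption Vulnerability (CNNVD-200006-117)

        A vulnerability exists in Check Point FireWall-1 versions 4.0 and 4.1. A remote attacker can cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.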

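- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [no access restrictions for exploiting the vulnerability]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]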

- CPE (Affected Platforms and Products)

cpe:/a:checkpoint:firewall-1:4.0    Checkpoint Firewall-1 4.0
cpe:/a:checkpoint:firewall-1:4.1    Checkpoint Firewall-1 4.1

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(VENDOR_ADVISORY)  BUGTRAQ  20000630 SecureXpert Advisory [SX-20000620-3]
(UNKNOWN)  BID  1416

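- Vulnerability Information

Check Point Firewall-1 SMTP Resource Consumption Vulnerability
Medium risk    Other
2000-06-30 00:00:00 2006-01-04 00:00:00
        A vulnerability exists in Check Point FireWall-1 versions 4.0 and 4.1. A remote attacker can cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.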

- Advisories and Patches

        These latest Service Packs address the described denial of service issue. It is important to note that even without the new service packs installed, this attack does not disable firewall operations in general, only operation of the SMTP Security Server, since the Security Server operates with a lower processor priority than the FireWall-1 kernel module.
        Check Point Software Firewall-1 4.0
        Check Point Software Firewall-1 4.1

- Vulnerability Information (20049)

Check Point Software Firewall-1 4.0/1.4.1 Resource Exhaustion Vulnerability (EDBID:20049)
windows remote
2000-06-30 Verified
0 SecureXpert Labs
N/A

The Check Point Firewall-1 SMTP Security Server in Firewall-1 4.0 and 4.1 on Windows NT is vulnerable to a simple network-based attack which can increase the firewall's CPU utilization to 100%. Sending a stream of binary zeros (or other invalid SMTP commands) to the SMTP port on the firewall raises the target system's load to 100% while the load on the attacker's machine remains relatively low. According to Check Point Software this only disables mail relay while allowing other firewall operations to continue normally. 

This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc firewall 25 < /dev/zero". 		

- Vulnerability Information

Check Point FireWall-1 SMTP Resource DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Exploit Public Third-party Verified

- Vulnerability Description

FireWall-1 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a string of binary data to port 25 of the firewall, and will result in loss of availability for the firewall.

- Timeline

2000-06-30 Unknown
2000-06-30 Unknown

- Solution

Upgrade to version 4.0 SP7, 4.1 SP3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author