[Original text] Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
Check Point VPN-1/FireWall-1 One-way Connection Enforcement Bypass
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Check Point VPN-1/FireWall-1 contains a flaw that may allow a remote attacker to bypass the ruleset. The firewall does not properly filter specially fragmented TCP connections, which bypass the directionality checks it implements. An attacker who sends the right requests by closing and reopening one-way connections may be able to initiate traffic that would otherwise be denied.
Upgrade to version 4.0 SP7, 4.1 SP2, or higher, as these versions have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.