[原文]Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."
Check Point FireWall-1 contains a flaw that may allow a remote attacker to redirect connections through vulnerable FTP servers via a "bounce" attack. By using the PORT command, attackers can open connections to arbitrary resources normally protected by the firewall.
Upgrade to version 4.0 SP7, 4.1 SP2, or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the
following workaround: Configure the FTP server to be read only.