CVE-2004-0039
CVSS 10.0
Published: 2004-03-03 00:00:00
Modified: 2016-10-17 22:40:06

[Original] Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allow remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.


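[CNNVD] Check Point FW-1 HTTP Security Server Multiple Remote Format String Vulnerabilities (CNNVD-200403-032)

Check Point Firewall-1 is a high-performance firewall. Its Application Intelligence (AI) component is an application proxy that scans traffic for application-layer attacks. Earlier versions include the HTTP Security Server, which provides similar functionality.

The AI component and HTTP Security Server included in Check Point Firewall-1 handle some HTTP requests incorrectly. A remote attacker can exploit this vulnerability to execute arbitrary commands with administrator privileges, which allows the attacker to take control of the firewall.

The HTTP parsing functionality in the AI component and HTTP Security Server can be triggered by sending an invalid HTTP request. When Firewall-1 generates an error message in response to the invalid request, part of the attacker-supplied input, such as invalid data in the URI, is passed to the sprintf() function. By supplying format string data, an attacker can corrupt memory and execute arbitrary instructions with administrator privileges.

An unsuccessful attack disrupts all connected HTTP sessions and stops web traffic.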

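- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definition found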

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0039
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0039
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200403-032
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=107604682227031&w=2
(UNKNOWN)  BUGTRAQ  20040205 Two checkpoint fw-1/vpn-1 vulns
http://www.checkpoint.com/techsupport/alerts/security_server.html
(UNKNOWN)  CONFIRM  http://www.checkpoint.com/techsupport/alerts/security_server.html
http://www.ciac.org/ciac/bulletins/o-072.shtml
(UNKNOWN)  CIAC  O-072
http://www.kb.cert.org/vuls/id/790771
(VENDOR_ADVISORY)  CERT-VN  VU#790771
http://www.securityfocus.com/bid/9581
(VENDOR_ADVISORY)  BID  9581
http://www.us-cert.gov/cas/techalerts/TA04-036A.html
(UNKNOWN)  CERT  TA04-036A
http://xforce.iss.net/xforce/alerts/id/162
(UNKNOWN)  ISS  20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
http://xforce.iss.net/xforce/xfdb/14149
(VENDOR_ADVISORY)  XF  fw1-format-string(14149)

- Vulnerability Information

Check Point FW-1 HTTP Security Server Multiple Remote Format String Vulnerabilities
Critical  Input validation
2004-03-03 00:00:00 2006-01-03 00:00:00
Remote

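- Advisories and Patches

Vendor patch:
Check Point Software
--------------------
Check Point provides the "Firewall-1 HTTP Security Server Update", which changes the error string data returned when an invalid HTTP request is detected. For more information, see:

http://www.checkpoint.com/techsupport/alerts/security_server.html

This update prevents a number of known malformed strings from being used in attacks.
Check Point also reports that the vulnerability can only be triggered when HTTP Security Servers are enabled in the product, so disabling HTTP Security Servers and the AI component temporarily removes the impact of this vulnerability.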

- Vulnerability Information

4414
Check Point FireWall-1 HTTP Server Format String
Remote / Network Access, Local / Remote, Context Dependent Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability

- Vulnerability Description

Check Point FireWall-1 contains a flaw that may allow a remote attacker to execute arbitrary code or cause a denial of service. The issue is due to numerous format string flaws in the HTTP Security Server and HTTP Application Intelligence component.

- Timeline

2004-02-04 Unknown
2004-02-04 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Check Point has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

- Vulnerability Information

Multiple Check Point Firewall-1 HTTP Security Server Remote Format String Vulnerabilities
Input Validation Error 9581
Yes No
2004-02-05 12:00:00 2009-07-12 02:06:00
Discovery credited to Mark Dowd.

- Affected Program Versions

Check Point Software Nokia Voyager 4.1
Check Point Software NG-AI R55
Check Point Software NG-AI R54
Check Point Software NG-AI
Check Point Software Next Generation FP3 HF2
Check Point Software Next Generation FP3 HF1
Check Point Software Next Generation FP3
Check Point Software Next Generation FP2
Check Point Software Next Generation FP1
Check Point Software Firewall-1 4.1 SP6
Check Point Software Firewall-1 4.1 SP5
Check Point Software Firewall-1 4.1 SP4
Check Point Software Firewall-1 4.1 SP3
Check Point Software Firewall-1 4.1 SP2
Check Point Software Firewall-1 4.1 SP1
Check Point Software Firewall-1 4.1

- Vulnerability Discussion

Problems in the handling of some types of HTTP requests from remote users have been identified in Check Point Firewall-1 HTTP Application Intelligence and HTTP Security Server. Because of this, it is possible for a remote attacker to gain unauthorized access to a vulnerable system with administrative privileges.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Check Point has made fixes available to resolve this issue. Customers with support contracts may obtain fixes from Check Point support channels. See referenced advisory for additional details.
