Check Point FireWall-1 Unauthorized RSH/REXEC Connection

2000-07-26T00:00:00
ID OSVDB:1487
Type osvdb
Reporter OSVDB
Modified 2000-07-26T00:00:00

Description

Vulnerability Description

FireWall-1 contains a flaw that may allow an attacker to bypass the rulesets controlling RSH/REXEC access. The issue is due to the firewall rulesets not properly validating all RSH/REXEC connections. If an attacker uses a specially formatted connection, they may be able to connect to any internal host.

Technical Description

This vulnerability only affects installations in which the administrator specifically enabled the RSH/REXEC setting in the Properties window.

Solution Description

Upgrade to version 4.0 SP7, 4.1 SP2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

FireWall-1 contains a flaw that may allow an attacker to bypass the rulesets controlling RSH/REXEC access. The issue is due to the firewall rulesets not properly validating all RSH/REXEC connections. If an attacker uses a specially formatted connection, they may be able to connect to any internal host.

References:

Vendor Specific Advisory URL Other Advisory URL: http://www.iss.net/xforce/alerts/id/advise62 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-08/0184.html ISS X-Force ID: 5028 Generic Informational URL: http://www.monkey.org/~dugsong/talks/blackhat.pdf CVE-2000-0779 CIAC Advisory: k-073 Bugtraq ID: 1534