FW-1 RDP Vulnerability Proof of Concept Code

As announced earlier this week, we hereby post the proof of concept code for the FireWall-1 RDP Bypass Vulnerability. We think it doesn't make sense to withhold it any longer for the following reasons. 1. This is no "Script-Kiddie" exploit, it will not provide anyone with a means to instantly bre...

Licensing Firewall-1 DoS Attack

I have identified a denial of service attack that can be launched against Firewall-1 that has identical results to the IP fragmentation attack identified by Lance Spitzner. Symptoms: Firewall CPU hits 100 utilization, console locks up, a reboot only temporarily solves the problem. Vulnerable: All...

FireWall-1 Fastmode Vulnerability

Hi there, service pack 3 is available for FireWall-1 4.1 and in addition to the things listed in the release notes it fixes the following little... errrrm... idiosyncrasy. The HTML version of the advisory is available at http://www.dataprotect.com/fw1/ Merry Christmas and a happy New Year -Thomas...

CVE-2000-0116

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra in front of the SCRIPT tag...

CVE-2000-0181

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection...

fw1-ftp.txt

FireWall-1 FTP Server Vulnerability Background Paper 1, data protect AG John McDonald Thomas Lopatic References ---------- Please reference the recent vuln-dev posting by Mikael Olsson entitled, "Breaking through FTP ALGs -- is it possible?" At the time of this writing, it was not yet archived on...