Vigil@nce - Check Point Security Gateway: bypassing Threat Emulation
October 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send an email with a MIME attachment, which is not
analyzed by the Threat Emulation feature of Check Point Security
Gateway, in order to transmit a malware for example.
Impacted products: CheckPoint Security Gateway
Severity: 2/4
Creation date: 04/10/2013
DESCRIPTION OF THE VULNERABILITY
The Threat Emulation feature is used to analyze a file in a
protected environment, in order to detect if it contains a malware.
This feature can be enabled on the Check Point Security Gateway,
in order to scan email attachments. However, if the MIME
encapsulation of the attachment is specially constructed, the
attachment is incorrectly decoded, so Threat Emulation does not
find a malware inside.
An attacker can therefore send an email with a MIME attachment,
which is not analyzed by the Threat Emulation feature of Check
Point Security Gateway, in order to transmit a malware for example.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Check-Point-Security-Gateway-bypassing-Threat-Emulation-13523