Vigil@nce: Firewall-1, buffer overflow of PKI Web Service
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can connect to the PKI Web Service of Firewall-1 in
order to generate an overflow.
Severity: 2/4
Consequences: user access/rights, denial of service of service
Provenance: intranet client
Means of attack: 1 proof of concept
Ability of attacker: specialist (3/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/03/2009
IMPACTED PRODUCTS
– CheckPoint Firewall-1
DESCRIPTION OF THE VULNERABILITY
The PKI Web Service of Check Point Firewall-1 is a web server to
handle keys, and is reachable on port 18264/tcp.
The Authorization header of the HTTP protocol indicates
authentication data. The Referer header of the HTTP protocol
indicates the previously visited url.
When the PKI Web Service receives long Authorization or Referer
headers, a buffer overflow occurs. This overflow may lead to code
execution.
The list of vulnerable version is not known. This vulnerability
was found in 2006.
CHARACTERISTICS
Identifiers: BID-34286, VIGILANCE-VUL-8574
http://vigilance.fr/vulnerability/Firewall-1-buffer-overflow-of-PKI-Web-Service-8574