- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
Users of Check Point firewalls need to upgrade them right away in order to shut down a vulnerability that can lead to the firewalls being taken over by attackers.
A second vulnerability to Check Point's VPN-1 can leave it similarly vulnerable, according to Internet Security Systems, which discovered the vulnerabilities and says it has actually exploited them in the ISS X-Force labs.
Because Check Point firewalls by some counts represent more than half of the firewalls in corporate networks, ISS regards the threat as critical and says it calls for immediate fixes.
Updates necessary to correct the firewall vulnerability are available. As of this morning, the company had not posted a fix for the
vulnerability ISS says it found in Check Point's VPN-1 server as well as VPN-1 client software version 4.1. But ISS says the
problem can be corrected by upgrading to Check Point VPN-1 Next Generation software with Service Pack 1 or newer.
Check Point says it no longer supports Version 4.1, so there will be no patch issued for it.
The firewall vulnerability is to its application proxy for HTTP called HTTP Security Server. Check Point's advisory says the vulnerability can cause the server to crash and allow further exploitation. The company says this can happen "in theory only," but ISS says it has actually taken over such firewalls in its lab via the vulnerability. "It's not theoretical," says Dan Ingevaldson, director of X-Force research and development.
The first flaw that was found in Firewall-1 can give the attacker super-user or root access to the server, according to Ingevaldson.
In regards to the second vulnerability found in Check Point VPN-1 Server and two versions of the associated client software called SecureRemote and Secure Client, Ingevaldson says, "It can cause a complete compromise of the network and all information going in and out."
The flaw in the client means remote PCs connecting to corporate networks could be commandeered by attackers seeing connections to vulnerable machines by randomly pinging.
Check Point's VPN-1/Firewall-1 products are often packaged and deployed together, and exploiting either of the vulnerabilities can compromise the server running them, according to Ingevaldson.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment