Holes in Firewall-1

Oct 05, 2007

Jan Rähm

Spanish security researchers have discovered several vulnerabilities in the "Firewall-1" security solution by software vendor Checkpoint, and are now questioning its Common Criteria EAL4+ certification.

Pentest penetration testers discovered various bugs in the form of buffer overflows in command line tools. The testers didn't even need to deploy code analysis tools, as they reveal in their analysis.

The subject of the test was Secure Platform R60, a distribution by vendor Checkpoint based on Red Hat Linux. Although the vulnerabilities were only local, the authors of the report still can't rule out remote attacks after analysis.

Although Checkpoint was notified of the vulnerabilities several months ago, a response has not been forthcoming, nor has an update of the firewall which can be used on various systems, such as Red Hat Enterprise Linux, Solaris 8 through 10, and Windows 2000 Server.

Related content

Huge Hole in Yoggie USB Stick Firewall

A full-fledged Linux computer on a USB stick: Yoggie uses this astonishing hardware trick to protect Windows machines against Web-based attacks. But there are some things that do not work as intended by the developers as an exhaustive test in Linux Magazine #94 / September will reveal. Just a few simple tricks were all it took to work around the firewall.

more »
Apache Closes Down Vulnerabilities

No less than five vulnerabilities were eradicated by the release of a new version of the Apache Web server.

more »
KTools: KMyFirewall

Linux has a fantastic selection of firewalls for securing stand-alone computers or whole networks. Although you can use IPTables to set up a firewall, the configuration is often the most difficult step. KMyFirewall offers a powerful, user-friendly, GUI-based approach.

more »
Yoggie Gatekeeper Pico

This Linux computer on a USB stick acts as a tiny mobile firewall.

more »
Script Error Opens up Security Hole in Xen 3.0.3

A Red Hat update has just been released to close various vulnerabilities in the Xen virtualization solution, one of which was caused by an error in a Python script.

more »

comments powered by Disqus

Issue 163/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

KDE Announces Software Compilation 4.13

New release comes with better semantic search and improvements to Kontact.
Coverity: Open Source Code has Fewer Defects

Annual code quality report shows FOSS is more secure at all project size levels.
An Even Smaller Raspberry Pi

The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
Freaky Privilege Escalation Attack

A new class of problems lets a malicious app pre-configure an invisible privilege update.
Facebook Rolls Out New PHP-like Programming Language

New Hack language adds static typing and other conveniences.
Fedora Announces Innovative Crytography Policy System

New crypto policy system will offer easier configuration and more uniform security.
Shuttleworth Calls for Declarative Firmware

Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
New TLS Attack Takes the S out of HTTPS

Security

Vulnerability affects many Linux web servers
Munich Adopts Kolab

The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
Canonical Announces Ubuntu Smartphones

Mobile , Ubuntu

Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.

Holes in Firewall-1

Related content

Issue 163/2014

Buy this issue as a PDF

Tag Cloud

News