Holes in Firewall-1

Oct 05, 2007

Jan Rähm

Spanish security researchers have discovered several vulnerabilities in the "Firewall-1" security solution by software vendor Checkpoint, and are now questioning its Common Criteria EAL4+ certification.

Pentest penetration testers discovered various bugs in the form of buffer overflows in command line tools. The testers didn't even need to deploy code analysis tools, as they reveal in their analysis.

The subject of the test was Secure Platform R60, a distribution by vendor Checkpoint based on Red Hat Linux. Although the vulnerabilities were only local, the authors of the report still can't rule out remote attacks after analysis.

Although Checkpoint was notified of the vulnerabilities several months ago, a response has not been forthcoming, nor has an update of the firewall which can be used on various systems, such as Red Hat Enterprise Linux, Solaris 8 through 10, and Windows 2000 Server.

Related content

Vulnerability in GNU "tar"

Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.

more »
Huge Hole in Yoggie USB Stick Firewall

A full-fledged Linux computer on a USB stick: Yoggie uses this astonishing hardware trick to protect Windows machines against Web-based attacks. But there are some things that do not work as intended by the developers as an exhaustive test in Linux Magazine #94 / September will reveal. Just a few simple tricks were all it took to work around the firewall.

more »
KTools: KMyFirewall

Linux has a fantastic selection of firewalls for securing stand-alone computers or whole networks. Although you can use IPTables to set up a firewall, the configuration is often the most difficult step. KMyFirewall offers a powerful, user-friendly, GUI-based approach.

more »
Yoggie Gatekeeper Pico

This Linux computer on a USB stick acts as a tiny mobile firewall.

more »
Script Error Opens up Security Hole in Xen 3.0.3

A Red Hat update has just been released to close various vulnerabilities in the Xen virtualization solution, one of which was caused by an error in a Python script.

more »

comments powered by Disqus

Issue 222/2019

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

Linux Administration

Keep your edge with these powerful Linux administration tools:

Monitor Your Network with Zabbix
An Open Source Audio Editor and Recorder
Managing Network Bandwidth with Trickle
Analyzing Network Traffic with Wireshark
Keep All Your Linux Servers in Check
Become a certified Linux Admin professional with the Linux Professional Institute LPIC-1 Systems Administrator certification.

News

Black Hole Image Has an Open Source Connection

Community

Two imaging libraries responsible for the image are fully open source.
Linux Mint Founder Calls for Better Developer Support

Linux mint , Linux Mint

Usually cheerful Clement ‘Clem’ Lefebvre says he "hasn't enjoyed" this development cycle.
Software Freedom Conservancy Announces End to VMware Lawsuit

VMware agrees to remove the offending code in a future release.
Chef Goes All Open Source

The company behind the popular DevOps automation tool is releasing those proprietary add-ons built around the open source core.
SUSE Spins off from Parent Company

Community

While IBM has acquired Red Hat, SUSE goes solo.
Gnome 3.32 Released

Gnome , Gnome 3

New release of the Gnu desktop comes with many improvements.
VMware Rolls Out Essential PKS

Virtualization vendor brings commercial support to upstream Kubernetes.
Linux 5.0 Is Here

Linus says don't get excited, but the new release contains some significant updates.
Kali Linux 2019.1 Released

Community

The favorite Linux distro of Mr. Robot gets the first update of 2019.
Linux Foundation Releases a New Draft of OpenChain Spec

Community

OpenChain provides a standard for open source compliance throughout the software supply chain.