Holes in Firewall-1

Oct 05, 2007

Jan Rähm

Spanish security researchers have discovered several vulnerabilities in the "Firewall-1" security solution by software vendor Checkpoint, and are now questioning its Common Criteria EAL4+ certification.

Pentest penetration testers discovered various bugs in the form of buffer overflows in command line tools. The testers didn't even need to deploy code analysis tools, as they reveal in their analysis.

The subject of the test was Secure Platform R60, a distribution by vendor Checkpoint based on Red Hat Linux. Although the vulnerabilities were only local, the authors of the report still can't rule out remote attacks after analysis.

Although Checkpoint was notified of the vulnerabilities several months ago, a response has not been forthcoming, nor has an update of the firewall which can be used on various systems, such as Red Hat Enterprise Linux, Solaris 8 through 10, and Windows 2000 Server.

Related content

Huge Hole in Yoggie USB Stick Firewall

A full-fledged Linux computer on a USB stick: Yoggie uses this astonishing hardware trick to protect Windows machines against Web-based attacks. But there are some things that do not work as intended by the developers as an exhaustive test in Linux Magazine #94 / September will reveal. Just a few simple tricks were all it took to work around the firewall.

more »
Vulnerability in GNU "tar"

Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.

more »
KTools: KMyFirewall

Linux has a fantastic selection of firewalls for securing stand-alone computers or whole networks. Although you can use IPTables to set up a firewall, the configuration is often the most difficult step. KMyFirewall offers a powerful, user-friendly, GUI-based approach.

more »
Yoggie Gatekeeper Pico

This Linux computer on a USB stick acts as a tiny mobile firewall.

more »
Script Error Opens up Security Hole in Xen 3.0.3

A Red Hat update has just been released to close various vulnerabilities in the Xen virtualization solution, one of which was caused by an error in a Python script.

more »

comments powered by Disqus

Issue 210/2018

Buy this issue as a PDF

Digital Issue: Price $9.99

(incl. VAT)

DevOps

Reinvent your network with DevOps tools and techniques:

AWS Automation Documents
Jekyll – A DIY HTML Engine
Automated Jenkins CI
Auditing Docker Containers in a DevOps Environment
Cloud Orchestration with Chef
Become a certified DevOps professional with the new Linux Professional Institute DevOps Tools Engineer certification."

News

Red Hat Enterprise Linux 7.5 Released

Community , Red Hat , Red Hat Linux

The latest release is focused on hybrid cloud.
Microsoft Releases a Linux-Based OS

Community , Kernel

The company is building a new IoT environment powered by Linux.
Solomon Hykes Leaves Docker

In a surprise move, Solomon Hykes, the creator of Docker has left the company.
Red Hat Celebrates 25th Anniversary with a New Code Portal

The company announces a GitHub page with links to source code for all its projects
Gnome 3.28 Released

Community , Gnome

The latest GNOME rolls out with better contact management and new features for handling virtual machines.
Install Firefox in a Snap on Linux

Community , Linux , Mozilla Foundation

Mozilla has picked the Snap package system to deliver its application to Linux users.
OpenStack Queens Released

OpenStack

The new release comes with new features for mission critical workloads.
Kali Linux Comes to Windows

Linux

The Kali Linux developers even managed to run full blown XFCE desktop via WSL.
Ubuntu to Start Collecting Some Data with Ubuntu 18.04

It will be an ‘opt-out’ feature.
CNCF Illuminates Serverless Vision

The Cloud Native Computing Foundation announces a paper describing their model for a serverless ecosystem.