Check Point Firewall-1 4.1 Denial of Service Vulnerability

Firewall-1 is a firewall software package that provides many advanced features such as content filtering and network address translation. It is distributed by Check Point Software Technologies, and designed to run on various systems such as Sparc/Solaris or the Nokia Firewall Modules.

A problem with the license manager used by the Firewall-1 package could allow a denial of service. The problem manifests itself when the internal interface receives a large number of source-routed packets containing fictitious (or even valid) addresses. On a system whose license covers a limited number of protected IP addresses, the license manager calculates the protected address space by counting the addresses that cross the internal interface. When a large number of such packets cross the internal interface, each IP address is added to the count held under license coverage. Once the number of covered IP addresses is exceeded, an error message is generated on the console for each IP address outside the covered range, and with each error message generated the load on the firewall system's CPU rises. This makes it possible for a user with malicious motives to render the firewall system inaccessible from the console by sending a large number of IP addresses to the internal interface.
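The accounting failure described above, modelled as an added Python example (constructed here, not Check Point code): a naive tracker that emits one console error per unlicensed address is compared with a tracker that does not count source-routed packets toward the license and aggregates over-license reports. The license limit, the address format and the aggregation policy are assumptions for illustration, not the vendor's workaround.

```python
"""Model of the license-counting behaviour that drives the console load."""

LICENSED_HOSTS = 25  # hypothetical license limit (constructed value)


def naive_errors(packets, limit=LICENSED_HOSTS):
    """Console errors emitted when every new unlicensed address is reported."""
    seen = set()
    errors = 0
    for src_ip, _source_routed in packets:
        if src_ip in seen:
            continue
        seen.add(src_ip)
        if len(seen) > limit:
            errors += 1  # one console message per address beyond the license
    return errors


def hardened_errors(packets, limit=LICENSED_HOSTS, max_messages=1):
    """Same accounting with two assumed mitigations (not from the advisory):
    source-routed packets are excluded from the license count, and the
    over-license condition is reported at most max_messages times while the
    number of excess addresses is tracked separately.
    Returns (messages_emitted, unlicensed_addresses_seen)."""
    seen = set()
    unlicensed = 0
    errors = 0
    for src_ip, source_routed in packets:
        if source_routed or src_ip in seen:
            continue
        seen.add(src_ip)
        if len(seen) > limit:
            unlicensed += 1
            if errors < max_messages:
                errors += 1  # aggregated report instead of one per address
    return errors, unlicensed


def distinct_sources(n, source_routed=True):
    """Constructed sample: n packets, each from a different address."""
    return [("10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255),
             source_routed) for i in range(n)]


if __name__ == "__main__":
    burst = distinct_sources(1000)
    print("naive:", naive_errors(burst))        # 975 console messages
    print("hardened:", hardened_errors(burst))  # (0, 0): not counted
```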

Check Point Software has acknowledged this vulnerability and a workaround is available. For the workaround, see the solution section of this vulnerability database entry. This issue will be resolved in the next service pack.

Copyright 2010, SecurityFocus