Title: Check Point Firewall-1 4.1 Denial of Service Vulnerability
Severity: HIGH
Description:
Firewall-1 is a firewall software package that provides many advanced features such as content filtering and network address translation. It is distributed by Check Point Software Technologies, and designed to run on various systems such as Sparc/Solaris or the Nokia Firewall Modules.
A problem with the license manager used with the Firewall-1 package could allow a Denial of Service. The problem manifests itself when the internal interface receives a large number of packets that are source routed and containing ficticious (or even valid) addresses. In a system containing a license with a limited number of protected IP addresses, the license manager calculates the address space protected by counting the number of addresses crossing the internal interface. When the large number of packets cross the internal interface, each IP address is added to the number calculated under license coverage. When the number of covered IP addresses is exceeded, an error message is generated on the console for each IP address outside of the covered range. With each error message generated, the load on the Firewall system CPU raises. This makes it possible for a user with malicious motives to make a firewall system inaccessible from the console by sending a large number of IP addresses to the internal interface.
Check Point Software has acknowledged this vulnerability and a workaround is available. For the workaround, see the solution section of this vulnerability database entry. This issue will be resolved in the next service pack.
Affected Products:
- Check Point Software Firewall-1 4.1.0
- Check Point Software Firewall-1 4.1.0 SP1
- Check Point Software Firewall-1 4.1.0 SP2
- Check Point Software Firewall-1 4.1.0 SP3
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
