Signature Detail

HTTP: CheckPoint AI/SD Scheme Overflow

This signature detects attempts to exploit a known vulnerability in the CheckPoint AI/Smart Defense HTTP proxy engine. Attackers can send an overly long scheme to crash the proxy engine, creating a denial of service (DoS) or enabling the attackers to take control of the firewall as root. False positives can occur when Web servers use the ":" character in file names beyond the 13th character of the path.

Extended Description

Problems in the handling of some types of HTTP requests from remote users have been identified in Check Point Firewall-1 HTTP Application Intelligence and HTTP Security Server. Because of this, it is possible for a remote attacker to gain unauthorized access to a vulnerable system with administrative privileges.

Affected Products

• Check_point_software firewall-1 4.1.0
• Check_point_software firewall-1 4.1.0 SP1
• Check_point_software firewall-1 4.1.0 SP2
• Check_point_software firewall-1 4.1.0 SP3
• Check_point_software firewall-1 4.1.0 SP4
• Check_point_software firewall-1 4.1.0 SP5
• Check_point_software firewall-1 4.1.0 SP6
• Check_point_software firewall-1 R55W HFA3
• Check_point_software firewall-1
• Check_point_software next_generation FP1
• Check_point_software next_generation FP2
• Check_point_software next_generation FP3
• Check_point_software next_generation FP3 HF1
• Check_point_software next_generation FP3 HF2
• Check_point_software ng-ai R54
• Check_point_software ng-ai R55
• Check_point_software ng-ai
• Check_point_software nokia_voyager 4.1

References

• BugTraq: 9581
• CVE: CVE-2004-0039
• URL: http://www.securityfocus.com/bid/9581
• URL: http://www.us-cert.gov/cas/techalerts/TA04-036A.html
• URL: http://www.checkpoint.com/techsupport/alerts/security_server.html