Signature Detail

HTTP: CheckPoint AI/SD Scheme Overflow

This signature detects attempts to exploit a known vulnerability in the CheckPoint AI/Smart Defense HTTP proxy engine. Attackers can send an overly long scheme to crash the proxy engine, creating a denial of service (DoS) or enabling the attackers to take control of the firewall as root. False positives can occur when Web servers use the ":" character in file names beyond the 13th character of the path.

Extended Description

Problems in the handling of some types of HTTP requests from remote users have been identified in Check Point Firewall-1 HTTP Application Intelligence and HTTP Security Server. Because of this, it is possible for a remote attacker to gain unauthorized access to a vulnerable system with administrative privileges.

Affected Products

• Check Point Software Firewall-1 4.1.0
• Check Point Software Firewall-1 4.1.0 SP1
• Check Point Software Firewall-1 4.1.0 SP2
• Check Point Software Firewall-1 4.1.0 SP3
• Check Point Software Firewall-1 4.1.0 SP4
• Check Point Software Firewall-1 4.1.0 SP5
• Check Point Software Firewall-1 4.1.0 SP6
• Check Point Software Firewall-1
• Check Point Software FireWall-1 R55W HFA3
• Check Point Software Next Generation FP1
• Check Point Software Next Generation FP2
• Check Point Software Next Generation FP3
• Check Point Software Next Generation FP3 HF1
• Check Point Software Next Generation FP3 HF2
• Check Point Software NG-AI R54
• Check Point Software NG-AI R55
• Check Point Software NG-AI
• Check Point Software Nokia Voyager 4.1

References

• BugTraq: 9581
• CVE: CVE-2004-0039
• URL: http://www.securityfocus.com/bid/9581
• URL: http://www.us-cert.gov/cas/techalerts/TA04-036A.html
• URL: http://www.checkpoint.com/techsupport/alerts/security_server.html