Flaw detected in Check Point security

FireWall-1 and VPN-1 have a problem that could let intruders through a firewall or enable a DoS attack

Two of the most popular pieces of security software on the Internet contain a newly discovered flaw that could enable an intruder to send traffic through a firewall or possibly launch a denial-of-service attack.

Check Point Software Technologies' popular FireWall-1 and VPN-1 products have a vulnerability in the way they handle Reliable Data Protocol packets. Instead of verifying the source of the packets, the software only checks the destination (port 259 in this case) and makes sure that the RDP command is present before allowing the traffic into or out of the firewall or VPN gateway.

An attacker need only add a false RDP header to a normal User Datagram Protocol packet, and the traffic could be sent to port 259 on any host on either side of the firewall.

The vulnerability was discovered by Inside Security, a German security concern. It affects Check Point FireWall-1 4.1 and VPN-1. Check Point, of Redwood City, California, has issued a patch for the vulnerability.

FireWall-1, widely used by telecommuters and other home broadband users, is among the most popular firewalls on the market.

The CERT Coordination Centre has also issued an advisory about the flaw, warning that, because an attacker would be able to pass traffic through the firewall or VPN gateway, software could be planted to be used later in a DoS attack.

In addition, if an attacker gains control of a machine inside of the firewall, he or she might also be able to establish a tunnel to push traffic through the firewall.

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.