Check Point Firewall-1 SMTP Security Server Denial of Service Vulnerability

vendor:

Firewall-1

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: Firewall-1

Affected Version From: Firewall-1 4.0

Affected Version To: Firewall-1 4.1

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2001

Check Point Firewall-1 SMTP Security Server Denial of Service Vulnerability

The Check Point Firewall-1 SMTP Security Server in Firewall-1 4.0 and 4.1 on Windows NT is vulnerable to a simple network-based attack which can increase the firewall's CPU utilization to 100%. Sending a stream of binary zeros (or other invalid SMTP commands) to the SMTP port on the firewall raises the target system's load to 100% while the load on the attacker's machine remains relatively low. According to Check Point Software this only disables mail relay while allowing other firewall operations to continue normally. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as 'nc firewall 25 < /dev/zero'.

Mitigation:

Check Point has released a patch to address this issue.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1416/info

The Check Point Firewall-1 SMTP Security Server in Firewall-1 4.0 and 4.1 on Windows NT is vulnerable to a simple network-based attack which can increase the firewall's CPU utilization to 100%. Sending a stream of binary zeros (or other invalid SMTP commands) to the SMTP port on the firewall raises the target system's load to 100% while the load on the attacker's machine remains relatively low. According to Check Point Software this only disables mail relay while allowing other firewall operations to continue normally. 


This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc firewall 25 < /dev/zero".