Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Mark E (mjeWIN2000MAG.COM)
Date: Fri Sep 21 2001 - 11:06:01 CDT
Original located here:
September 19, 2001
An issue exists in VPN-1/FireWall-1 Management Server running on Windows NT
or Windows 2000. A malicious administrator can exploit a buffer overflow
condition in the GUI authentication code to potentially impair management
station functionality or to execute code. Any attack must come from an IP
address explicitly defined as an authorized GUI client. Only management
stations running Windows NT or Windows 2000 are affected. This includes any
standalone VPN-1/FireWall-1 Gateways (with Management Server and enforcement
points installed on the same machine), but does not include module-only
(enforcement point) installations.
This issue affects VPN-1/FireWall-1 4.0, 4.1, and Next Generation systems.
Hotfixes for VPN-1/FireWall-1 4.0 SP8, 4.1 SP4, 4.1 SP5, and Next Generation
Hotfix-2 are available for immediate download at
Apply the relevant GUI Buffer Overflow Hotfix to the management station.
Who is affected:
All installations of VPN-1/FireWall-1 with Management Servers running on
Windows NT or Windows 2000.
Allow GUI connections only from trusted hosts.
Changes made in the Hotfix:
The buffer checking on the Management Server has been improved.
The GUI Buffer Overflow Hotfix is available for immediate download at the
Software Subscription Download Site for the following versions:
VPN-1/FireWall-1 4.0 SP8
VPN-1/FireWall-1 4.1 SP4
VPN-1/FireWall-1 4.1 SP5
VPN-1/FireWall-1 NG HF2
NOTE: Management Servers with versions older than those listed above must be
first upgraded and then have the GUI Buffer Overflow Hotfix applied.
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net