----- Forwarded message from Scott Walker Register <[EMAIL PROTECTED]>
-----
From: Scott Walker Register <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Check Point response to RDP Bypass
Date: Mon, 9 Jul 2001 10:33:42 -0500
Message-ID: <Chameleon.994689280.walker@stinky>
X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E]
Check Point uses a protocol called RDP (UDP/259) for some internal communication
between software components (this is not the same RDP as IP protocol 27). By default,
VPN-1/FireWall-1 allows RDP packets to traverse firewall gateways in order to simplify
encryption setup. Under some conditions, packets with RDP headers could be
constructed which would be allowed across a VPN-1/FireWall-1 gateway without being
explicitly allowed by the rule base.
A hotfix is available for immediate download which addresses this issue. Further
details are available at http://www.checkpoint.com/techsupport/alerts/ .
Check Point acknowledges Jochen Bauer and Boris Wesslowski of Inside Security GmbH,
Stuttgart, Germany, for this contribution and their ethical and forthright cooperation.
----- End forwarded message -----
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
