Hi,

On Wed, Oct 03, 2007 at 10:43:01PM -0400, Ray wrote:
> http://www.theregister.co.uk/2007/10/03/check_point_pentest/ - I glanced 
> through it and it looks like you have to have a bad admin, and if you've got 
> that it's game over anyway.

What it reveals is that a whole bunch of commands do have straight buffer
overflow coding errors, which indeed is depressing for a security product.

On the other hand, it does not actually present any vulnerability. The PoC
"exploit" doesn't get you a root /bin/sh, it gets you a "root /bin/s"
and the paper essentially is a demonstration that the odd limitations
of cpshell input character sets eliminated any attack vectors that might
have been left open by ExecShield (which was most likely unintentional
luck by CP). So there's no reason for blind actionism if you're operating
a SPLAT the most normal way (where the cpshell admin would know the expert
password anyway), but still for increased awareness (monitor for unexpected
core dumps, for instance).

What I expect though is CP going out and fixing any buffer overflows,
executable stacks and the like ASAP. And it would only help if they
could finally get SPLAT up to a somewhat current Linux base and flange
it with a state of the art update packet repository like apt (or at
least yum)...

-- 
    .sig making fun of Santa Claus Operation currently unavailable

-> Andre Beck    +++ ABP-RIPE +++    IBH Prof. Dr. Horn GmbH, Dresden <-
