Hi all: I'm sure by now you've seen the reports about the exploitability (err, the latest) with Outlook/Outlook Express. I've been doing some vulnerability testing on our network and have found an interesting thing. We're setup using FW-1 4.0 SP5 SMTP CVP and Norton Anti-Virus 1.04 for firewalls(1.50 is broken, so we don't use it). In trying to send an e-mail from sendmail (8.9.3) using the bad "Date" line downloaded from http://www.securityfocus.com/data/vulnerabilities/exploits/outsploit.txt I can't seem to get the e-mail to go through the firewall. Every time I get a log entry which looks like: "293146" "18Jul2000" "20:49:41" "daemon" "10.1.1.1" "log" "reject" "smtp" "SUN_Sparc5" "Mailbox" "tcp" "3" "42386" "" "" "" "" "" "" "" " agent mail dequeuer orig_from <[EMAIL PROTECTED]> orig_to <[EMAIL PROTECTED]> from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> reason Connection to Content Security Server failed" I find that the e-mail is stuck in the spool directory as an "R" which generally means (I think) "Received, waiting for security server's response." I have not yet done a trace on the connection between the NAVFW machine and the Firewall, but it appears that NAV is dropping the connection when the Date: line is sent. This may be because there is non-ASCII data in the e-mail but I really don't care so long as it doesn't get into my network. I'd like to know if there is anyone else who's received the same result, with NAVFW or even another content filter. If so, then all of us using Content Filtering should thank Checkpoint for their protocol design or NAV for dropping the connection! Good luck all, see you when the next bug comes out! Daniel Katz-Braunschweig Network Specialist - Iona College MCSE, CNA ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
[FW1] New Outlook Exploit and Firewall-1/NAVFW
Iona College Firewall Mailing List Tue, 18 Jul 2000 18:10:01 -0700
- Re: [FW1] New Outlook Exploit and Firew... Iona College Firewall Mailing List
- Re: [FW1] New Outlook Exploit and ... Joe Matusiewicz
- RE: [FW1] New Outlook Exploit and ... Iona College Firewall Mailing List
- RE: [FW1] New Outlook Exploit and ... Brian Cavanaugh
