In-Reply-To: <[EMAIL PROTECTED]> Not exactly cause I have CPK FW-1 NG FP2 Build 52163. The logging server & management are separated. It seems that syslog is running on port 514udp:
$ ps -aef | grep syslog root 7239 7231 0 Mar23 ? 00:00:01 syslog 514 all Maybe the wording Checkpoint used on their web site. "Prior to the release of NG FP3 HF2......." really does include ALL releases before FP3 Rizan >Received: (qmail 16221 invoked from network); 21 Mar 2003 23:10:48 -0000 >Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.26) > by mail.securityfocus.com with SMTP; 21 Mar 2003 23:10:48 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing.securityfocus.com (Postfix) with QMQP > id 337008F31B; Fri, 21 Mar 2003 16:10:34 -0700 (MST) >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Received: (qmail 1533 invoked from network); 21 Mar 2003 18:47:50 -0000 >Message-ID: <[EMAIL PROTECTED] s.hodc.ad.allstate.com> >From: "Hines, Eric" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: RE: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog > daemon possible >Date: Fri, 21 Mar 2003 12:59:20 -0600 >MIME-Version: 1.0 >X-Mailer: Internet Mail Service (5.5.2653.19) >content-class: urn:content-classes:message >Content-Type: text/plain; > charset="iso-8859-1" > >Alright. I was just concerned because of the wording Checkpoint used on >their web site. >"Prior to the release of NG FP3 HF2......." > >I'm going to assume they were referring to the HF2 portion of that, and not >< FP3 > > >Eric Hines > > > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Sent: Friday, March 21, 2003 12:53 PM >To: Hines, Eric >Cc: Maillist Bugtraq; Dr. Peter Bieringer >Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against >syslog daemon possible > > > >The daemon was apparently only introduced since FP3 > > > > > > "Hines, Eric" > > <[EMAIL PROTECTED] To: "Dr. Peter >Bieringer" <[EMAIL PROTECTED]>, Maillist Bugtraq > om> <[EMAIL PROTECTED]> > > cc: > > 21/03/2003 06:31 Subject: Re: Check Point >FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon > pm possible > > > > > > > >Has anyone tested these vulnerabilities on NG FP1 or are they strictly >related to FP3? > >Eric Hines > > > > >-----Original Message----- >From: Dr. Peter Bieringer [mailto:[EMAIL PROTECTED] >Sent: Friday, March 21, 2003 6:47 AM >To: Maillist Bugtraq; Maillist full-disclosure >Subject: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog >daemon possible > > >Hi all, > >interesting for all Check Point FW-1 NG users which have enabled the >since >FP3 included syslog daemon. > > > > >
