The fix for R55 consists of replacing or changing a config file (cpsc.conf). Have a look at the release notes; maybe the same trick will work on FP3.
Nico

On Thu, Feb 05, 2004 at 09:49:58AM +0100, Roelandts, Guy wrote:
> Hi all,
>
> Anybody found the Security Server HotFix for NG FP3?? I found the
> ones for NG AI R54 & R55 ... But nothing for FP3.
>
> PS: I know people from CheckPoint read this list too ... When will
> you stop changing the naming conventions of your builds!!! I
> found a new version of SR/SC ... And it is called Desktop HFA-408
> when the AI HFA-408 will be there it will be easy to confuse
> everyone, furthermore the easy naming convention from FP3 has
> been changed for NG AI R5x and makes no sense anymore
>
> Met vriendelijke groeten - Bien à vous - Kind regards
> Guy ROELANDTS
> EMEA HPS Internet Expertise Centre - CCSE-NG
> Hewlett-Packard Belgium B.V.B.A./S.P.R.L.
> E-mail : [EMAIL PROTECTED]
> Tel: +32(02)729.85.61
> Fax: +32(02)729.77.65
> ==========================================================
> This message may contain confidential and/or proprietary information,
> and is intended only for the person/entity to whom it was originally
> addressed. The content of this message may contain private views and
> opinions which do not constitute a formal disclosure or commitment
> unless specifically stated. Should you receive this message by mistake
> please inform the sender immediately.
> ==========================================================
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf
> Of Deniz CEVIK
> Sent: Thursday, February 05, 2004 08:05
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] FW: ISS Security Brief: Checkpoint Firewall-1 HTTP Parsing
> Format String Vulnerabilities
>
> http://www.checkpoint.com/techsupport/alerts/security_server.html
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] Behalf Of Deniz CEVIK
> Sent: Thursday, February 05, 2004 8:13 AM
> To: [EMAIL PROTECTED]
> Subject: [FW-1] FW: ISS Security Brief: Checkpoint Firewall-1 HTTP Parsing
> Format String Vulnerabilities
>
> Disabling HTTP security servers or HTTP checks in smartdefense may protect
> against these vulnerabilities.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of X-Force
> Sent: Thursday, February 05, 2004 3:00 AM
> To: [EMAIL PROTECTED]
> Subject: ISS Security Brief: Checkpoint Firewall-1 HTTP Parsing Format
> String Vulnerabilities
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Internet Security Systems Security Brief
> February 4, 2004
>
> Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
>
> Synopsis:
>
> ISS X-Force has discovered a flaw in the HTTP Application Intelligence
> component of Firewall-1. Application Intelligence is a relatively recent
> addition to the Firewall-1 product line and functions as an application
> proxy between untrusted networks and network servers for the purpose of
> detecting and preventing potential attacks. The vulnerabilities also exist
> within the HTTP Security Server application proxy that ships with all
> versions of Firewall-1 (including those prior to Application Intelligence
> releases). The affected components contain several remotely exploitable
> format string vulnerabilities.
>
> Impact:
>
> If HTTP Application Intelligence is enabled or the HTTP Security Server is
> used, a remote unauthenticated attacker may exploit one of these
> vulnerabilities and execute commands under the security context of the
> super-user, usually "SYSTEM", or "root". This attack may lead to direct
> compromise of the Firewall-1 server.
>
> Remote attackers may leverage this attack to successfully compromise heavily
> hardened networks by modifying or tampering with the firewall rules and
> configuration.
>
> Affected Versions:
>
> Checkpoint Firewall-1 NG-AI R55, R54, including SSL hotfix
> Checkpoint Firewall-1 HTTP Security Server included with NG FP1, FP2, FP3
> Checkpoint Firewall-1 HTTP Security Server included with 4.1
>
> For the complete ISS X-Force Security Advisory, please visit:
> http://xforce.iss.net/xforce/alerts/id/162
>
> ______
>
> About Internet Security Systems (ISS)
> Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
> pioneer and world leader in software and services that protect critical
> online resources from an ever-changing spectrum of threats and misuse.
> Internet Security Systems is headquartered in Atlanta, GA, with
> additional operations throughout the Americas, Asia, Australia, Europe
> and the Middle East.
>
> Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved
> worldwide.
>
> Permission is hereby granted for the electronic redistribution of this
> document. It is not to be edited or altered in any way without the
> express written consent of the Internet Security Systems X-Force. If you
> wish to reprint the whole or any part of this document in any other
> medium excluding electronic media, please email [EMAIL PROTECTED] for
> permission.
>
> Disclaimer: The information within this paper may change without notice.
> Use of this information constitutes acceptance for use in an AS IS
> condition. There are NO warranties, implied or otherwise, with regard to
> this information or its use.
> Any use of this information is at the
> user's risk. In no event shall the author/distributor (Internet Security
> Systems X-Force) be held liable for any damages whatsoever arising out
> of or in connection with the use or spread of this information.
> X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
> as well as at http://www.iss.net/security_center/sensitive.php
> Please send suggestions, updates, and comments to: X-Force
> [EMAIL PROTECTED] of Internet Security Systems, Inc.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================

---------------------------------------------------------
"It has been said that there are only two businesses that refer to
customers as users: illegal drug trade and the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE/VPE-B)
The Corporate Village, Da Vincilaan 7-D1
B-1935 Zaventem, Belgium
Telephone: +32 (0)2 706 43 11
Fax: +32 (0)2 700 86 22
