ID

VAR-199907-0025


CVE

CVE-1999-0770


TITLE

Firewall-1 Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199907-034

DESCRIPTION

Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems. A denial of service condition exists in some implementations of Firewall-1 by Check Point Software. The attack is possible because of the way Firewall-1 handles TCP connections. Typically, a TCP connection is initiated by sending a SYN packet to the destination host. On systems where Firewall-1 is installed, this packet first passes through an internal stack maintained by the firewall before it is passed on to the operating system's native stack. When Firewall-1 filters the packet, it checks it against the rule base. If the rule base allows the session, it is added to the connections table with a timeout of 60 seconds. When the remote host responds with an ACK (Acknowledge) packet, the session is bumped up to a 3600 second timeout. However, if a connection is initiated with an ACK packet, Firewall-1 compares it against the rule base and, if it is allowed, adds it to the connections table with the timeout set to 3600 seconds, regardless of whether a remote system responds. The result is a session with a 1 hour timeout even though no system responded. If this is done with a large number of ACK packets, the connections table fills up. Firewall-1 then refuses subsequent connections from any source, effectively rendering it useless in a 'failed closed' state.

Trust: 1.26

sources: NVD: CVE-1999-0770 // BID: 549 // VULHUB: VHN-751

AFFECTED PRODUCTS

vendor: checkpoint, model: firewall-1, scope: eq, version: 4.0

Trust: 1.6

vendor: checkpoint, model: firewall-1, scope: eq, version: 3.0

Trust: 1.6

vendor: check, model: point software firewall-1, scope: eq, version: 4.0

Trust: 0.3

vendor: check, model: point software firewall-1, scope: eq, version: 3.0

Trust: 0.3

sources: BID: 549 // CNNVD: CNNVD-199907-034 // NVD: CVE-1999-0770

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0770
value: LOW

Trust: 1.0

CNNVD: CNNVD-199907-034
value: LOW

Trust: 0.6

VULHUB: VHN-751
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-1999-0770
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-751
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-751 // CNNVD: CNNVD-199907-034 // NVD: CVE-1999-0770

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0770

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-199907-034

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199907-034

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-751

EXTERNAL IDS

db: BID, id: 549

Trust: 2.0

db: NVD, id: CVE-1999-0770

Trust: 1.7

db: OSVDB, id: 1027

Trust: 1.7

db: CNNVD, id: CNNVD-199907-034

Trust: 0.7

db: EXPLOIT-DB, id: 19436

Trust: 0.1

db: VULHUB, id: VHN-751

Trust: 0.1

sources: VULHUB: VHN-751 // BID: 549 // CNNVD: CNNVD-199907-034 // NVD: CVE-1999-0770

REFERENCES

url: http://www.securityfocus.com/bid/549

Trust: 2.7

url: http://www.osvdb.org/1027

Trust: 2.7

url: http://www.enteract.com/~lspitz/fwtable.html

Trust: 0.3

url: http://www.phoneboy.com/fw1/faq/0289.html

Trust: 0.3

sources: VULHUB: VHN-751 // BID: 549 // CNNVD: CNNVD-199907-034 // NVD: CVE-1999-0770

CREDITS

This problem was discovered and documented by Lance Spitzner <lance@spitzner.net>. This discovery was posted by Lance to the Bugtraq mailing list on Thu, 29 Jul 1999. Both the discussion and exploit section of this Vulnerability were almost wholly derived

Trust: 0.3

sources: BID: 549

SOURCES

db: VULHUB, id: VHN-751
db: BID, id: 549
db: CNNVD, id: CNNVD-199907-034
db: NVD, id: CVE-1999-0770

LAST UPDATE DATE

2024-11-22T23:00:11.957000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-751, date: 2008-09-09T00:00:00
db: BID, id: 549, date: 1999-07-29T00:00:00
db: CNNVD, id: CNNVD-199907-034, date: 2005-05-02T00:00:00
db: NVD, id: CVE-1999-0770, date: 2024-11-20T23:29:25.823

SOURCES RELEASE DATE

db: VULHUB, id: VHN-751, date: 1999-07-29T00:00:00
db: BID, id: 549, date: 1999-07-29T00:00:00
db: CNNVD, id: CNNVD-199907-034, date: 1999-07-29T00:00:00
db: NVD, id: CVE-1999-0770, date: 1999-07-29T04:00:00