Check Point Software Technologies: Pure Security

FireWall-1 HTTP Security Server Vulnerability

Posted: 04 February 2004
Updated: 06 February 2004

A vulnerability exists in the FireWall-1 HTTP Security Servers that may cause them to crash in certain circumstances. The crash is very difficult to manipulate, but it might allow further exploitation. This issue exists only when HTTP Security Servers are in use.

In order to protect FireWall-1 against this vulnerability, Check Point recommends that customers apply a simple change to a configuration file on the enforcement modules that will solve the problem.

Affected Releases:
VPN-1/FireWall-1 NG and above, only when using HTTP Security Servers.

NOTE: VPN-1/FireWall-1 4.1 (all Service Packs) is NOT affected.

If the HTTP Security Servers are not in use on the module, there is no need to install the update.

The update is applicable on the following releases:

  1. NG FP3 HF2
  2. NG with Application Intelligence R54
  3. NG with Application Intelligence R55
  4. Other NG based releases (NG FCS, NG FP1, NG FP2 ...)

This update is available to all customers from the links below. This same update is applied to all platforms and releases of Next Generation and Next Generation with Application Intelligence.

FireWall-1 HTTP Security Server Update
(11.60 KB, MD5:53b05a8374145058f27e079cafa06add)

Simple Installation Instructions:
In most deployments, the cpsc.conf file (located in $FWDIR/lib/) and the cpsc.en_us file (located in $FWDIR/conf/cpsc/) have not been manually adjusted. Apply the update by replacing cpsc.en_us and cpsc.conf with the new version as follows:

  1. Download the new cpsc.conf file from Check Point
  2. Create a backup of $FWDIR/conf/cpsc/cpsc.en_us
  3. Copy and rename the new cpsc.conf file to $FWDIR/conf/cpsc/cpsc.en_us

    Note: If you are using a non-English language, replace the cpsc.XXX file appropriate for your language.

  4. In addition, copy the new cpsc.conf file to $FWDIR/lib/cpsc.conf, overwriting the old cpsc.conf file
  5. Activate the change by running "fw kill fwd" to restart the fwd
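
The file-replacement steps above as a shell function that checks the published MD5 before anything is overwritten. This is an added example, not Check Point's script: the function names and arguments are hypothetical, and it assumes md5sum is available on the module and that the published MD5 covers the downloaded cpsc.conf file itself.

```shell
#!/bin/sh
# Added example (not Check Point's script): steps 2-4 of the advisory with a checksum gate.
# Assumptions: md5sum exists on the module; the published MD5 is for cpsc.conf itself.
PUBLISHED_MD5="53b05a8374145058f27e079cafa06add"   # value printed in the advisory

file_md5() { md5sum "$1" | awk '{print $1}'; }

# apply_cpsc_update NEW_FILE FWDIR [LANG_SUFFIX] [EXPECTED_MD5]   (hypothetical helper)
apply_cpsc_update() {
    new_file=$1
    fwdir=$2
    lang=${3:-en_us}                 # cpsc.XXX suffix for non-English installs
    expected=${4:-$PUBLISHED_MD5}
    lang_file="$fwdir/conf/cpsc/cpsc.$lang"
    lib_file="$fwdir/lib/cpsc.conf"

    [ -f "$new_file" ]  || { echo "missing download: $new_file" >&2; return 2; }
    [ -f "$lang_file" ] || { echo "missing $lang_file (wrong language suffix?)" >&2; return 2; }

    # Refuse to install a file whose digest does not match the expected value.
    actual=$(file_md5 "$new_file")
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch: got $actual, expected $expected" >&2
        return 3
    fi

    # Step 2: back up the language file; lib/cpsc.conf is backed up too since step 4 overwrites it.
    stamp=$(date +%Y%m%d%H%M%S)
    cp -p "$lang_file" "$lang_file.bak.$stamp" || return 4
    if [ -f "$lib_file" ]; then cp -p "$lib_file" "$lib_file.bak.$stamp" || return 4; fi

    # Steps 3 and 4: install the new file under both names.
    cp "$new_file" "$lang_file" || return 5
    cp "$new_file" "$lib_file"  || return 5

    # Confirm both installed copies carry the expected digest.
    [ "$(file_md5 "$lang_file")" = "$expected" ] &&
        [ "$(file_md5 "$lib_file")" = "$expected" ] || return 6
    echo "Files replaced. Step 5: run 'fw kill fwd' on the module to restart fwd."
}
```

On the module the call would be `apply_cpsc_update ./cpsc.conf "$FWDIR"`; a non-zero return means nothing should be restarted until the cause is understood.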

For additional detailed instructions to manually edit the cpsc.conf file, click here.