Check Point Advisories

NNTP (CVE-2005-1213; CVE-2004-0574)

Check Point Reference: CPAI-2005-104
Date Published: 6 Jul 2005
Severity: High
Last Updated: 6 Jul 2005
Source:
Industry Reference:CVE-2005-1213
CVE-2004-0574
Protection Provided by:

Security Gateway
R80, R77, R75, R71, R70

Who is Vulnerable?
Vulnerability Description

Protection Overview

This protection checks for the validity of response messages to the potentially malicious LIST and UPDATE LIST commands. The detect mode makes it possible to track NNTP protocol violation without blocking the connection.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

  1. In the IPS tab, click Protections and find the NNTP protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:.

Attack Name:  NNTP Enforcement Error.
Attack Information:  An internal handling error has occurred. This may be caused by a corrupt packet or internal limits exceeded. .

Attack Name:  NNTP Buffer Overflow.
Attack Information:  NNTP XPAT Search command buffer overflow.

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO