Archive for the ‘IPS’ category

Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

August 26th, 2011

An SK and IPS protection was release for that purpose the 25th:

Solution ID: sk65222

Product: Mobile Access / SSL VPN, Security Gateway, DLP-1, Endpoint Security Server

Version: R75, R71, NGX R66.1, E80.20, 7.x

OS: SecurePlatform, Windows, IPSO 6.2

Platform: All

Last Modified: 26-Aug-2011 by Michael Kapelevich

Access Level: General

Status: Approve

Originator: Michael Kapelevich

Owner: Michael Kapelevich

Technical Resource:

Symptoms

  • Apache HTTP server is vulnerable to denial of service by sending multiple requests with large number of ranges.
  • For more details refer to the Apache advisory
  • The following Check Point products are vulnerable:
    • Security Gateway with SSL VPN/Identity Awareness/DLP Software Blade - R71.10 and later, R75 and later
    • Connectra - R66.1, R66.1n
    • DLP-1 - R75 and later
    • EndPoint Security Server - all versions
  • To mitigate this threat Check Point released the following solutions:
    • Hotfixes for the vulnerable products.
    • An IPS protection CPAI-2011-402

Solution

Customers of the above products are advised to install the following Hotfixes.

Hotfix for Security Gateway products

  • Hotfix applies to the following versions:
    • Connectra R66.1, R66.1n
    • R71.40, R75.20
    • DLP-1 R71.20
  • Installation instructions:
    1. Download apacheCVE20113192.sh and copy it to the gateway machine
    2. chmod +x apacheCVE20113192.sh
    3. To install the hotfix run ‘apacheCVE20113192.sh install’. On standalone DLP gateway also run ‘cpstop ; cpstart’.
    4. To uninstall the hotfix run ‘apacheCVE20113192.sh uninstall’

Note that after installing the Hotfix for Security Gateway, any manual changes done to the Apache configuration files will be lost, in case the Hotfix is uninstalled.

Hotfix for EndPoint Security

  • Hotfix applies to the following versions on Windows platform: R80, R80.10, E80.20.
  • Installation instructions:
    1. Download range_header_vulnerability.bat and copy it to %UEPMDIR%\apache22\conf on the EPS Server machine
    2. To install the hotfix run ‘ range_header_vulnerability.bat’
    3. To uninstall the hotfix run ‘copy httpd.conf.backup htpd.conf’

Note that when upgrading Endpoint Security Server, the Apache configuration file will be overwritten, thus, this security fix should be applied again once you have upgraded.

No comments »

Posted in Check Point, IPS