Check Point Reference: CPAI-2005-252
Date Published: 24 Mar 2010
Severity: High
Last Updated: Monday 06 April, 2015
Source:
Industry Reference: CVE-2005-1815
Protection Provided by: Security Gateway
Who is Vulnerable?
Vulnerability Description:

The Hummingbird InetD product provides Microsoft Windows PC platform users with some of the functionality of a UNIX host. The product provides server functions for TCP/IP-based applications, enabling connectivity among Windows PCs and Unix hosts.

A buffer overflow vulnerability exists in the LPD component of the Hummingbird InetD product. The issue is caused by improper processing of an incoming TCP stream. Successful exploitation of this vulnerability can allow arbitrary code to be executed on the target system with System-level privileges.

In a simple attack case aimed at creating a denial of service condition, the LPD child process serving the attack connection terminates. The terminated daemon still counts as an active connection to InetD. Since InetD controls the number of concurrent connections to the vulnerable LPD service, the service becomes inaccessible after as many attacks as the configured maximum number of concurrent connections. At that point InetD stops accepting new LPD connection requests.

In a more sophisticated attack scenario, where a malicious user succeeds in injecting and executing supplied code, the behaviour of the system depends on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the InetD service process, normally System.

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab, and select the version of your choice.

SmartView Tracker will log the following entries:
Attack Name: Web Server Enforcement Violation.
Attack Information: Hummingbird InetD LPD component buffer overflow
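
The following triage sketch is an added example, not Check Point or Hummingbird code. It counts logged hits for this protection per target host and flags targets where the count reaches the LPD connection limit described above. The `key: value; ...` record layout, the `time`/`src`/`dst` fields, the sample addresses and the limit of 3 are all assumptions constructed for illustration; only the Attack Name and Attack Information strings come from this page.

```python
from collections import defaultdict

# Attack Information string this page says SmartView Tracker logs.
SIGNATURE = "Hummingbird InetD LPD component buffer overflow"

# Constructed sample records. The layout and the time/src/dst fields are
# assumptions for this example, not a real SmartView Tracker export format.
SAMPLE_LOG = """\
time: 2015-04-06T10:00:01; src: 192.0.2.10; dst: 198.51.100.5; Attack Name: Web Server Enforcement Violation; Attack Information: Hummingbird InetD LPD component buffer overflow
time: 2015-04-06T10:00:02; src: 192.0.2.10; dst: 198.51.100.5; Attack Name: Web Server Enforcement Violation; Attack Information: Hummingbird InetD LPD component buffer overflow
time: 2015-04-06T10:00:03; src: 192.0.2.11; dst: 198.51.100.5; Attack Name: Web Server Enforcement Violation; Attack Information: Hummingbird InetD LPD component buffer overflow
time: 2015-04-06T10:00:09; src: 192.0.2.10; dst: 198.51.100.6; Attack Name: Web Server Enforcement Violation; Attack Information: Hummingbird InetD LPD component buffer overflow
time: 2015-04-06T10:00:12; src: 192.0.2.44; dst: 198.51.100.5; Attack Name: Web Server Enforcement Violation; Attack Information: other protection (constructed)
"""

def parse_record(line):
    """Split one 'key: value; key: value' record into a dict."""
    fields = {}
    for part in line.split("; "):
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def attempts_per_target(log_text):
    """Map each destination host to the sources that triggered the signature."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("Attack Information") == SIGNATURE and "src" in rec and "dst" in rec:
            hits[rec["dst"]].append(rec["src"])
    return dict(hits)

def exhaustion_candidates(log_text, max_connections):
    """Targets whose attempt count reaches the LPD connection limit.

    Per the advisory, each terminated LPD child still counts as an active
    InetD connection, so max_connections attempts would make the service
    inaccessible on a host that is not behind the gateway protection.
    """
    report = {}
    for dst, sources in attempts_per_target(log_text).items():
        if len(sources) >= max_connections:
            report[dst] = {"attempts": len(sources), "sources": sorted(set(sources))}
    return report

if __name__ == "__main__":
    # max_connections=3 is an assumed InetD setting for the LPD service.
    print(exhaustion_candidates(SAMPLE_LOG, max_connections=3))
```

Because the gateway blocks the logged attempts, a flagged target indicates a host to prioritise for patching and for checking any path that bypasses the gateway, not a confirmed outage.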