View Full Version : Change the name of the "CIFS" Service Group



sleepytom
2010-10-21, 06:29
Hi Guys,

I run a McAfee Secure vulnerability scanner on our network devices.
It flagged up this error when scanning my Check Point UTM-1.

"A vulnerability has been identified in multiple Check Point products, which could be exploited by remote attackers to bypass security policies. This issue is due to a design error where a service group and a protocol type share the same name "CIFS" (Common Internet File System), which could be exploited by a remote attacker on a network designated as a member of a CIFS service group to bypass firewall rules and reach hosts that would normally be protected.

Affected Products

Check Point Provider-1, Check Point SecurePlatform NGX, Check Point VPN-1/Firewall-1 NG, Check Point VPN-1/FireWall-1 NG AI, Check Point VPN-1 VSX NG

CVSS2# 7.5, CVE-2005-2889, (AV:N/AC:L/Au:N/C:P/I:P/A:P)"

I'm pretty sure I'm clear of this because I'm running R70.20.

Just wanted to check, can anyone confirm?

Regards,
Tom

abusharif
2010-10-21, 06:42
More info:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31196



This problem was fixed in HFA (HotFix Accumulator) VPN-1/Firewall-1 NGX R60 HFA_01.
The fix is included in this HFA, and in all higher HFAs of the above product & version combination.

sleepytom
2010-10-21, 06:46
Thank you, just wanted to confirm

northlandboy
2010-10-21, 19:20
Ah, I love "vulnerability" scanners....says the man who's trying to wade through screeds of Nessus false positives...

lammbo
2010-10-22, 09:35
Ah, I love "vulnerability" scanners....says the man who's trying to wade through screeds of Nessus false positives...

Yup, I think more than a few of us have also been there and done that. There have been several years I actually enjoyed arguing over a results list with the few auditors who understood networks for the most part (but not more than me). The worst case is when the auditor should clearly have nothing to do with networks because they know nothing about them. It's like talking to a wall sometimes... I mean, how can you justify something when the guy has no clue what you're talking about?