Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot

Published: 2010-11-01
Last Updated: 2010-11-02 12:48:57 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
3 comment(s)

We have received reports that Checkpoint UTM-1 devices performed an unscheduled reboot. The initial reports we got indicate that the device rebooted at 10pm EDT on Oct. 30th, which happens to be midnight GMT.

There are several posts on Checkpoint support forums verifying this issue [1][2].

Checkpoint confirmed this problem [3] . According to Checkpoint, the reboot happened because of a timer that will roll over every 13.6 years.

This may be a 32 bit timer counting 1/10 seconds. 429 million seconds works out to just about 13.6 years.


[1] http://www.cpug.org/forums/check-point-utm-1-edge-appliances/14606-all-edge-firewalls-rebooted-10-30-2010-8-58-p-m.html
[2] http://jackofallit.wordpress.com/2010/10/30/checkpointsofaware-flashforward/
[3] http://isc.sans.edu/tag.html?tag=Checkpoint%20UTM1%20unscheduled%20reboot

 

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

3 comment(s)

CVE-2010-3654 exploit in the wild

Published: 2010-11-01
Last Updated: 2010-11-02 00:10:04 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
2 comment(s)

Remember the vulnerability we discussed in https://isc.sans.edu/diary.html?storyid=9835 It appears to be there is an exploit for CVE-2010-3654 in the wild. While Adobe publishes the security patches, consider mitigation measures published in APSA10-05 advisory.

More information at http://blog.fortinet.com/fuzz-my-life-flash-player-zero-day-vulnerability-cve-2010-3654/

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

2 comment(s)
Diary Archives