Check Point Software has admitted that a flaw in its market-leading firewall product, Firewall-1, leaves it vulnerable to denial-of-service attacks.
Lance Spitzner, a member of the Global Enterprise security team at Sun Microsystems, discovered during routine security tests that the firewall can be brought down by exploiting the very mechanisms that are designed to log problems.
Spitzner discovered that, because of a flaw in its fragmentation logging process, a Firewall-1 gateway can be disabled by bombarding it with a stream of incomplete data packets using a tool called Jolt 2.
In a statement on its Web site, Check Point admitted: "A stream of large IP fragments can cause the Firewall-1 code that logs the fragmentation event to consume most available host-system CPU cycles."
Because the host system's CPU is consumed by this logging, the firewall cannot carry out its normal functions, leading to a denial of service.
The security vendor sought to play down the problem, saying that it does not allow a cracker to break into protected networks and that no real-world exploits had been reported by its customers.
But Check Point has been embarrassed by the flaw. Deri Jones, managing director at security tester NTA Monitor, said: "It is slightly embarrassing to Check Point that its log processes can overflow the system resources in this way. But firewall flaws occur on an irregular basis."
Check Point has advised users to disable console logging until it develops a long-term fix, which will be available with the next service pack of affected releases of Firewall-1, including versions 4.0 and 4.1.
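The failure mode described above is logging work that grows one-for-one with attacker-supplied packets. The following is an added illustration, not Check Point's code or its fix: it compares per-event logging with a rate-limited logger that records a short burst per source and then only a suppression count. The class name, the limits, the log text and the sample addresses are assumptions made for the example.

```python
class FragmentEventLogger:
    """Logs at most `burst` fragment events per source per window, then counts the rest."""

    def __init__(self, burst=5, window_ms=1000, max_sources=1024):
        self.burst, self.window_ms, self.max_sources = burst, window_ms, max_sources
        self.state = {}      # key -> [window_start_ms, logged, suppressed]
        self.records = []    # stands in for the real log sink
        self.suppressed_total = 0

    def _summarise(self, key, st):
        if st[2]:
            self.records.append(f"{st[0]}ms {key}: {st[2]} further fragment events suppressed")

    def event(self, src, now_ms):
        # Cap the state table so spoofed sources cannot grow it without bound.
        key = src if src in self.state or len(self.state) < self.max_sources else "other"
        st = self.state.get(key)
        if st is None or now_ms - st[0] >= self.window_ms:
            if st:
                self._summarise(key, st)          # one line closes the old window
            st = self.state[key] = [now_ms, 0, 0]
        if st[1] < self.burst:
            st[1] += 1
            self.records.append(f"{now_ms}ms {key}: large IP fragment")
        else:
            st[2] += 1                            # counted, not written
            self.suppressed_total += 1

    def flush(self):
        for key, st in self.state.items():
            self._summarise(key, st)
            st[2] = 0


def naive_log(events):
    """One log record per fragment event: cost scales with the flood."""
    return [f"{t}ms {src}: large IP fragment" for src, t in events]


def bounded_log(events, **limits):
    logger = FragmentEventLogger(**limits)
    for src, t in events:
        logger.event(src, t)
    logger.flush()
    return logger


# Constructed sample: 10,000 fragment events from one source over 2 seconds.
FLOOD = [("192.0.2.10", i // 5) for i in range(10000)]
```

With the constructed flood, per-event logging writes 10,000 records, while the bounded logger writes 12 and still reports how many events it dropped.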