A security researcher has discovered a flaw in a popular firewall that he says makes the tool vulnerable to denial-of-service attacks. The FireWall-1 product, developed by Checkpoint Software Technologies, can apparently be disabled by bombarding the tool with incomplete fragments of data packets.
Lance Spitzner, a member of the Global Enterprise Security Team at Sun Microsystems, said he discovered the flaw on May 27 while attempting to understand how FireWall-1 handles IP fragmentation.
Spitzner notified Checkpoint, which has developed a short-term solution and is working on a long-term fix for the problem.
Spitzner's research findings can be found at http://www.enteract.com/~lspitz/fwtable.html.
Greg Smith, director of product marketing at Checkpoint, said the company has developed a workaround for the firewall that protects a network from the denial-of-service attacks. The workaround is available at the company's Web site.
He said a permanent fix for the problem will be included in the next service pack for FireWall-1, due later this month.
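The article describes the mechanism only in outline: a firewall that keeps state for every partially received datagram can be exhausted by fragments that are never completed. The toy model below, added here as an illustration and not Check Point's code or Spitzner's, shows the two defensive controls that bound that state: a hold timer that reclaims incomplete datagrams, and a per-source cap on how many incomplete datagrams may be pending at once. The `ReassemblyTable` class, its parameters, and the traffic in `simulate()` are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed example: a simplified IP fragment reassembly table with a hold timer
# and a per-source limit on incomplete datagrams. It is not firewall code; it
# illustrates why unbounded reassembly state is a denial-of-service risk.


@dataclass
class Fragment:
    src: str          # source address (constructed)
    ident: int        # IP identification field shared by all fragments of one datagram
    offset: int       # fragment offset in bytes
    length: int       # payload bytes carried by this fragment
    more: bool        # More Fragments (MF) flag
    t: float          # arrival time in seconds (constructed)


@dataclass
class PendingDatagram:
    first_seen: float
    received: Dict[int, int] = field(default_factory=dict)  # offset -> length
    total_len: Optional[int] = None  # known once the last fragment (MF=0) arrives


class ReassemblyTable:
    def __init__(self, hold_time: float = 30.0, max_pending_per_src: int = 32):
        self.hold_time = hold_time
        self.max_pending_per_src = max_pending_per_src
        self.pending: Dict[Tuple[str, int], PendingDatagram] = {}
        self.completed = 0       # datagrams fully reassembled
        self.dropped_limit = 0   # fragments refused because their source hit the cap
        self.expired = 0         # incomplete datagrams reclaimed by the hold timer

    def pending_for(self, src: str) -> int:
        return sum(1 for (s, _) in self.pending if s == src)

    def expire(self, now: float) -> None:
        # Reclaim state for datagrams whose first fragment is older than hold_time.
        stale = [k for k, p in self.pending.items() if now - p.first_seen > self.hold_time]
        for k in stale:
            del self.pending[k]
        self.expired += len(stale)

    def add(self, frag: Fragment) -> str:
        self.expire(frag.t)
        key = (frag.src, frag.ident)
        if key not in self.pending:
            # A new incomplete datagram consumes table state, so bound it per source.
            if self.pending_for(frag.src) >= self.max_pending_per_src:
                self.dropped_limit += 1
                return "dropped"
            self.pending[key] = PendingDatagram(first_seen=frag.t)
        p = self.pending[key]
        p.received[frag.offset] = frag.length
        if not frag.more:
            p.total_len = frag.offset + frag.length
        if p.total_len is not None and self._covers(p):
            del self.pending[key]
            self.completed += 1
            return "complete"
        return "pending"

    @staticmethod
    def _covers(p: PendingDatagram) -> bool:
        # Complete only when the received fragments tile [0, total_len) without gaps.
        pos = 0
        for off in sorted(p.received):
            if off != pos:
                return False
            pos = off + p.received[off]
        return pos == p.total_len


def simulate() -> dict:
    table = ReassemblyTable(hold_time=30.0, max_pending_per_src=32)
    # A well-behaved host: two fragments that tile a 2000-byte datagram.
    table.add(Fragment("10.0.0.5", 1, 0, 1480, True, 0.0))
    table.add(Fragment("10.0.0.5", 1, 1480, 520, False, 0.1))
    # The pattern the article describes: many first fragments that are never completed.
    for i in range(100):
        table.add(Fragment("192.0.2.9", 1000 + i, 0, 8, True, 1.0 + i * 0.01))
    snapshot = {"pending": len(table.pending), "completed": table.completed,
                "dropped": table.dropped_limit}
    # Once the hold timer elapses, the leftover state is reclaimed.
    table.expire(100.0)
    snapshot["after_timeout"] = len(table.pending)
    return snapshot


if __name__ == "__main__":
    print(simulate())
```

Without the per-source cap the table would hold all 100 incomplete datagrams until the timer fired; with it, the legitimate datagram still completes while the flood is held to 32 entries and the rest are refused, which is the kind of bounded-state behaviour a short-term workaround and a permanent fix both need to provide.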