The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Check Point cluster stability improvement to prevent incorrect change of cluster members state to "Ready"
| Solution ID |
sk108360 |
| Product |
ClusterXL, Cluster - 3rd party |
| Version |
R75, R76, R77, R77.10, R77.20, R77.30 |
| OS |
Gaia, SecurePlatform 2.6, IPSO 6.2, Windows |
| Platform / Model |
All |
| Date Created |
07-Dec-2015
|
| Last Modified |
21-May-2017
|
Symptoms
It was demonstrated that by forging CCP packets, it is possible to "confuse" cluster members about the state of peer members and cause denial of service (cluster members could be forced to incorrectly change their state to "Ready").
Credit: Check Point thanks Christian Port for responsible disclosure of this issue.
Cause
This attack is possible if a malicious user gains Layer 2 access to cluster non-trusted (non-sync) interfaces (whose "Network Objective" in cluster object topology is not "Sync").
Solution
|
Note: To view this solution you need to
Sign In
.
|
