From 3dc0e9799853c333beacdf239b8eb3b8ed7fee94 Mon Sep 17 00:00:00 2001 From: Patrick Webster Date: Thu, 22 Mar 2012 10:29:05 -0500 Subject: [PATCH] Updating description and refs to Patrick's module There was some weirdness with the commit log on this module but it should all be kosher now. [Closes #260] --- modules/auxiliary/gather/checkpoint_hostname.rb | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/modules/auxiliary/gather/checkpoint_hostname.rb b/modules/auxiliary/gather/checkpoint_hostname.rb index 78bd6ea0d5..c96aa5a544 100644 --- a/modules/auxiliary/gather/checkpoint_hostname.rb +++ b/modules/auxiliary/gather/checkpoint_hostname.rb 
@@ -17,18 +17,21 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{ This module sends a query to the port 264/TCP on CheckPoint Firewall-1 firewalls to obtain the firewall name and management station - (such as SmartCenter) name via a pre-authentication topology request. - Note that the SecuriTeam reference listed here is not the same vulnerabilty, but it - does discus the same protocol and is somewhat related to this information - disclosure. + (such as SmartCenter) name via a pre-authentication request. The string + returned is the CheckPoint Internal CA CN for SmartCenter and the firewall + host. Whilst considered "public" information, the majority of installations + use detailed hostnames which may aid an attacker in focusing on compromising + the SmartCenter host, or useful for government, intelligence and military + networks where the hostname reveals the physical location and rack number + of the device, which may be unintentionally published to the world. }, 'Author' => [ 'patrick' ], 'DisclosureDate' => 'Dec 14 2011', # Looks like this module is first real reference 'References' => [ # patrickw - None? Stumbled across, probably an old bug/feature but unsure. - [ 'URL', 'http://www.osisecurity.com.au/advisories/' ], # Advisory coming soon, placeholder - [ 'URL', 'http://www.securiteam.com/securitynews/5HP0D2A4UC.html' ] # Related-ish + [ 'URL', 'http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure' ], + [ 'URL', 'https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk69360' ] ] ))
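Review bot: The context comment `# patrickw - None? Stumbled across, probably an old bug/feature but unsure.` inside 'References' is left in place although the two new entries now point to a published advisory and a vendor support-centre page (sk69360), so it reads as stale and could be dropped or reworded, e.g. `# Researcher advisory and vendor solution page`. The same may apply to the `# Looks like this module is first real reference` remark on 'DisclosureDate', if the advisory carries its own date. In the new description the clause `or useful for government, intelligence and military networks` does not parse; a separate sentence such as `This is of particular concern on networks where the hostname reveals the physical location and rack number of the device.` would read cleanly. The first reference is still plain `http://`; if the site serves HTTPS, that form is preferable so readers following the link get an authenticated copy of the advisory. The module's info hash starts and ends outside this hunk.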