ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
Rubens Kuhl Jr.
rubens at email.com
Thu Feb 5 19:37:48 UTC 2004
Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
Vendor Notification Schedule:
Vendor notified - 2/2/2004
Checkpoint patch developed and made available - 2/4/2004
ISS X-Force Advisory released - 2/4/2004
Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Vendor Notification Schedule:
Vendor notified - 2/2/2004
Checkpoint patch developed and made available - 2/4/2004
ISS X-Force Advisory released - 2/4/2004
Isn't it curious that two unrelated issues have been reported to CheckPoint
at the same day and the patches came out on the same day ?
Am I too paranoid, or it seems that CheckPoint had previous knowledge of the
bugs and they agreed with ISS which date would be stated as notification to
CP to make it appears that a quick response (two days) has been achieved on
those issues ?
Rubens
----- Original Message -----
From: "Ingevaldson, Dan (ISS Atlanta)" <dsi at iss.net>
To: <nanog at merit.edu>
Sent: Thursday, February 05, 2004 1:32 AM
Subject: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
Nanog-
ISS X-Force release two X-Force Security Advisories this evening
detailing high-risk issues in Checkpoint Firewall-1 and VPN-1. Please
refer to the following URLs for more information:
http://xforce.iss.net/xforce/alerts/id/162
http://xforce.iss.net/xforce/alerts/id/163
------------------
Daniel Ingevaldson
Director, X-Force R&D
dsi at iss.net
404-236-3160
Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net
More information about the NANOG
mailing list