ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1

• Previous message (by thread): ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
• Next message (by thread): ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rubens Kuhl Jr. wrote:

> 
> Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
> Vendor Notification Schedule:
> Vendor notified - 2/2/2004
> Checkpoint patch developed and made available - 2/4/2004
> ISS X-Force Advisory released - 2/4/2004
> 
> Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
> Vendor Notification Schedule:
> Vendor notified - 2/2/2004
> Checkpoint patch developed and made available - 2/4/2004
> ISS X-Force Advisory released - 2/4/2004
> 
> Isn't it curious that two unrelated issues have been reported to CheckPoint
> at the same day and the patches came out on the same day ?
> Am I too paranoid, or it seems that CheckPoint had previous knowledge of the
> bugs and they agreed with ISS which date would be stated as notification to
> CP to make it appears that a quick response (two days) has been achieved on
> those issues ?

Uh... yeah, that's how these things are _supposed_ to work. Did
you read the ISS advisory?

   Checkpoint has released an update to address this issue. The update is
   available at the following address:
   http://www.checkpoint.com/techsupport/alerts/index.html

   Vendor Notification Schedule:

   Vendor notified – 2/2/2004
   Checkpoint patch developed and made available – 2/4/2004
   ISS X-Force Advisory released – 2/4/2004

   ISS X-Force published this Security Advisory in coordination with the
   affected vendor in accordance to our published Vulnerability Disclosure
   Guidelines, available at the following address:
   http://documents.iss.net/literature/vulnerability_guidelines.pdf

> ----- Original Message ----- 
> From: "Ingevaldson, Dan (ISS Atlanta)" <dsi at iss.net>
> To: <nanog at merit.edu>
> Sent: Thursday, February 05, 2004 1:32 AM
> Subject: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
> 
> 
> 
> Nanog-
> 
> ISS X-Force release two X-Force Security Advisories this evening
> detailing high-risk issues in Checkpoint Firewall-1 and VPN-1.  Please
> refer to the following URLs for more information:
> 
> http://xforce.iss.net/xforce/alerts/id/162
> http://xforce.iss.net/xforce/alerts/id/163
> 
> ------------------
> Daniel Ingevaldson
> Director, X-Force R&D
> dsi at iss.net
> 404-236-3160
> 
> Internet Security Systems, Inc.
> The Power to Protect
> http://www.iss.net
> 
> 


-- 
Crist J. Clark                               crist.clark at globalstar.com
Globalstar Communications                                (408) 933-4387

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited.  If you have
received this e-mail in error, please contact postmaster at globalstar.com

• Previous message (by thread): ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
• Next message (by thread): ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]