nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1

From: "Rubens Kuhl Jr." <rubens () email com>
Date: Thu, 5 Feb 2004 17:37:48 -0200


Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
Vendor Notification Schedule:
Vendor notified - 2/2/2004
Checkpoint patch developed and made available - 2/4/2004
ISS X-Force Advisory released - 2/4/2004

Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Vendor Notification Schedule:
Vendor notified - 2/2/2004
Checkpoint patch developed and made available - 2/4/2004
ISS X-Force Advisory released - 2/4/2004

Isn't it curious that two unrelated issues have been reported to CheckPoint
at the same day and the patches came out on the same day ?
Am I too paranoid, or it seems that CheckPoint had previous knowledge of the
bugs and they agreed with ISS which date would be stated as notification to
CP to make it appears that a quick response (two days) has been achieved on
those issues ?


Rubens


----- Original Message ----- 
From: "Ingevaldson, Dan (ISS Atlanta)" <dsi () iss net>
To: <nanog () merit edu>
Sent: Thursday, February 05, 2004 1:32 AM
Subject: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1



Nanog-

ISS X-Force release two X-Force Security Advisories this evening
detailing high-risk issues in Checkpoint Firewall-1 and VPN-1.  Please
refer to the following URLs for more information:

http://xforce.iss.net/xforce/alerts/id/162
http://xforce.iss.net/xforce/alerts/id/163

------------------
Daniel Ingevaldson
Director, X-Force R&D
dsi () iss net
404-236-3160

Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net
Previous By Date Next
Previous By Thread Next

Current thread: