nanog mailing list archives
Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
From: Crist Clark <crist.clark () globalstar com>
Date: Thu, 05 Feb 2004 11:54:15 -0800
Rubens Kuhl Jr. wrote:
Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities Vendor Notification Schedule: Vendor notified - 2/2/2004 Checkpoint patch developed and made available - 2/4/2004 ISS X-Force Advisory released - 2/4/2004 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow Vendor Notification Schedule: Vendor notified - 2/2/2004 Checkpoint patch developed and made available - 2/4/2004 ISS X-Force Advisory released - 2/4/2004 Isn't it curious that two unrelated issues have been reported to CheckPoint at the same day and the patches came out on the same day ? Am I too paranoid, or it seems that CheckPoint had previous knowledge of the bugs and they agreed with ISS which date would be stated as notification to CP to make it appears that a quick response (two days) has been achieved on those issues ?
Uh... yeah, that's how these things are _supposed_ to work. Did you read the ISS advisory? Checkpoint has released an update to address this issue. The update is available at the following address: http://www.checkpoint.com/techsupport/alerts/index.html Vendor Notification Schedule: Vendor notified – 2/2/2004 Checkpoint patch developed and made available – 2/4/2004 ISS X-Force Advisory released – 2/4/2004 ISS X-Force published this Security Advisory in coordination with the affected vendor in accordance to our published Vulnerability Disclosure Guidelines, available at the following address: http://documents.iss.net/literature/vulnerability_guidelines.pdf
----- Original Message ----- From: "Ingevaldson, Dan (ISS Atlanta)" <dsi () iss net>To: <nanog () merit edu> Sent: Thursday, February 05, 2004 1:32 AM Subject: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Nanog- ISS X-Force release two X-Force Security Advisories this evening detailing high-risk issues in Checkpoint Firewall-1 and VPN-1. Please refer to the following URLs for more information: http://xforce.iss.net/xforce/alerts/id/162 http://xforce.iss.net/xforce/alerts/id/163 ------------------ Daniel Ingevaldson Director, X-Force R&D dsi () iss net 404-236-3160 Internet Security Systems, Inc. The Power to Protect http://www.iss.net
-- Crist J. Clark crist.clark () globalstar com Globalstar Communications (408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com
Current thread:
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1, (continued)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Christopher L. Morrow (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Suresh Ramasubramanian (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Alexei Roudnev (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Martin Hepworth (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Crist Clark (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Alexei Roudnev (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Scott McGrath (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Christopher L. Morrow (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Christopher L. Morrow (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 JC Dill (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Crist Clark (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Steven M. Bellovin (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Rubens Kuhl Jr. (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Valdis . Kletnieks (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Stephen Stuart (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Randy Bush (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Laurence F. Sheldon, Jr. (Feb 05)
- Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Valdis . Kletnieks (Feb 05)
- RE: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1 Chris Brenton (Feb 06)