[Full-Disclosure] Checkpoint ISAKMP issue?
Mark Fagan
r00t at online.ie
Wed May 5 18:41:36 BST 2004
Vitor,
I think you will find the current CP vulnerability is quite a lot different to
the vulnerability discovered in February.
Cheers
Mark
Quoting Vitor Ventura <vventura at cesce.pt>:
> I think it was in January that X-Force reported a problem with something like
> this and Checkpoint said it wasn't the report.
> And now they prepare the patch in April 19th and only at the 5th of May the
> report the vulnerability.
>
> Is it just me, or it seems like it was vulnerable from the beginning.
>
>
> -----Original Message-----
> From: arlen [mailto:arlen at hushmail.com]
> Sent: Wed 5/5/2004 12:47 PM
> To: full-disclosure at lists.netsys.com
> Cc:
> Subject: [Full-Disclosure] Checkpoint ISAKMP issue?
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi all,
>
> Checkpoint report a vulnerability with their VPN-1 software (which AFAIK
> means pretty much all FW-1 firewalls) in the ISAKMP code used during
> initial tunnel setup. Anyone have any more details than those on the
> Checkpoint site at http://www.checkpoint.com/techsupport/alerts/ike_vpn.html
> ?
>
>
>
> r_len
>
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 2.4
>
> wkYEARECAAYFAkCY1JkACgkQtd50JL6MBE+FUQCfW7PuG/xWyu0f/jPEvo3EQb9MQ0UA
> oLmYiERFctgghFOO5+9DlIAEBM0I
> =RkrI
> -----END PGP SIGNATURE-----
>
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
>
> Promote security and make money with the Hushmail Affiliate Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Full-Disclosure is hosted and sponsored by Secunia.