[VIM] Vendor dispute of Check Point overflow (CVE-2009-1227)
Bugs NotHugs
bugsnothugs at gmail.com
Tue Apr 7 19:50:44 UTC 2009
Check Point Security Alert Team has analyzed this report. We've
tried to reproduce the attack on all VPN-1 versions from NG FP2 and
above with and without HFAs. The issue was not reproduced. We have
conducted a thorough analysis of the relevant code and verified that
we are secure against this attack. We consider this attack to pose
no risk to Check Point customers.
HDM test version R66 of VPN-1 and not work. Bug is real, details
sparse. From client engagement where client not tell us exact version
software. Test happen two years ago, so older version affected. Not
able to test again so publish details and move on.
--
BugsNotHugs
Shared Vulnerability Disclosure Account
More information about the VIM
mailing list