[VIM] Vendor dispute of Check Point overflow (CVE-2009-1227)

Steven M. Christey coley at linus.mitre.org
Tue Apr 7 17:21:49 UTC 2009


All,

cve at mitre received the following dispute by Check Point for
CVE-2009-1227:

  Check Point Security Alert Team has analyzed this report. We've
  tried to reproduce the attack on all VPN-1 versions from NG FP2 and
  above with and without HFAs. The issue was not reproduced. We have
  conducted a thorough analysis of the relevant code and verified that
  we are secure against this attack. We consider this attack to pose
  no risk to Check Point customers.

str0ke - if you were able to successfully test this before publishing as
MILW0RM:8313, that would be informative.

- Steve


More information about the VIM mailing list