[VIM] Vendor dispute of Check Point overflow (CVE-2009-1227)

Steven M. Christey coley at linus.mitre.org
Tue Apr 7 17:21:49 UTC 2009


cve at mitre received the following dispute by Check Point for

  Check Point Security Alert Team has analyzed this report. We've
  tried to reproduce the attack on all VPN-1 versions from NG FP2 and
  above with and without HFAs. The issue was not reproduced. We have
  conducted a thorough analysis of the relevant code and verified that
  we are secure against this attack. We consider this attack to pose
  no risk to Check Point customers.

str0ke - if you were able to successfully test this before publishing as
MILW0RM:8313, that would be informative.

- Steve

More information about the VIM mailing list