[VIM] Vendor dispute of Check Point overflow (CVE-2009-1227)

Bugs NotHugs bugsnothugs at gmail.com
Tue Apr 7 19:50:44 UTC 2009

  Check Point Security Alert Team has analyzed this report. We've
  tried to reproduce the attack on all VPN-1 versions from NG FP2 and
  above with and without HFAs. The issue was not reproduced. We have
  conducted a thorough analysis of the relevant code and verified that
  we are secure against this attack. We consider this attack to pose
  no risk to Check Point customers.

HDM test version R66 of VPN-1 and not work.  Bug is real, details
sparse.  From client engagement where client not tell us exact version
software.  Test happen two years ago, so older version affected.  Not
able to test again so publish details and move on.


Shared Vulnerability Disclosure Account

More information about the VIM mailing list