[VIM] Vendor dispute of Check Point overflow (CVE-2009-1227)

str0ke str0ke at milw0rm.com
Tue Apr 7 20:51:39 UTC 2009


Didn't check it out, pretty sure I grabbed it from one of the lists :(

/str0ke

Steven M. Christey wrote:
> All,
>
> cve at mitre received the following dispute by Check Point for
> CVE-2009-1227:
>
>   Check Point Security Alert Team has analyzed this report. We've
>   tried to reproduce the attack on all VPN-1 versions from NG FP2 and
>   above with and without HFAs. The issue was not reproduced. We have
>   conducted a thorough analysis of the relevant code and verified that
>   we are secure against this attack. We consider this attack to pose
>   no risk to Check Point customers.
>
> str0ke - if you were able to successfully test this before publishing as
> MILW0RM:8313, that would be informative.
>
> - Steve
>
>   


More information about the VIM mailing list