Xiaohong,
A fair amount of detail is provided in last week's Check Point FW-1
Mailing List Digest at securityportal.com (
http://www.securityportal.com/topnews/weekly/checkpoint20000731.html ).
We did not release the full details, as we are awaiting the
full-disclosure release to be posted on BUGTRAQ first. But, the
information provided above should definitely be enough to raise
concerns. In short, you should upgrade to version 4.1 SP2 as soon as
possible, and also maintain dilligent configuration policies (always
have spoof protection enabled, never allow "ANY" objects in your source
or destination fields, use fwa1 authentication between firewalls, etc.)
Jason
P.S. On a side note, it was released at Black Hat, not DEFCON ;-) Hope
this helps!
"Wu, Xiaohong" wrote:
>
> Hi,
> Does anyone know about the recent Check Point vulnerabilities
> describled in DefCon hacker convention ? What's the solution to it ?
>
> Thanks
> Xiaohong
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
