Reported February 4, 2004 by ISS.

 

 

VERSIONS AFFECTED

 

  • Checkpoint Firewall-1 NG-AI R55 and R54, including SSL hotfix

  • Checkpoint Firewall-1 HTTP Security Server, included with NG FP1, FP2, and FP3

 

DESCRIPTION

 

Checkpoint Firewall-1 NG AI and HTTP Security Server contain multiple remotely exploitable format-string vulnerabilities that can result in the compromise of the vulnerable firewall.

 

VENDOR RESPONSE

 

Checkpoint has issued an update about these vulnerabilities and recommends that affected users immediately apply the available patch.

 

CREDIT

 

Discovered by Mark Dowd.