[FW-1] [Newsletter]: Re: [FW-1] [Newsletter]: [FW-1] Connectra ICS scan

Subject:	[FW-1] [Newsletter]: Re: [FW-1] [Newsletter]: [FW-1] Connectra ICS scan bypass vulnerability posted on the Full Disclosure list
From:	Mark Senior <senatorfrog AT GMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Mon, 22 Jan 2007 16:18:46 -0700

On 1/22/07, Ray  wrote:

The article says a patch has been released, but it's not at
http://www.checkpoint.com/downloads/latest/hfa/connectra/index.html yet.
Note that while this apparently generates a false "I'm OK" result, you still
need valid credentials to get logged on.

Ray


Note that this is entirely a battle of patience between Checkpoint and
their customers, and the discoverer of the bug.  No matter how you
slice it, Connectra is always relying on the client to tell it "Yes,
I'm clean," when the client is exactly the entity that you _cannot_
trust to make that assertion.

It's an unsolvable problem.  The client can always lie.

Regards
Mark

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
--------------------------------------------------------------

This e-mail and any attachment thereto contains confidental and/or privileged 
information. If you are not the
intended recipient or have received this e-mail in error, please notify the 
sender immediately and delete this e-mail
and any attachment thereto from your system. Any unauthorized retention, 
copying, transmission, distribution,
disclosure or use of the content of this e-mail and/or any attachment thereto 
is prohibited.
Techem is not liable for any omission or error in this e-mail and/or any 
attachment thereto which may arise as a
result of the e-mail-transmission or for damages resulting from any 
unauthorized change of the content of this e-mail
and/or any attachment thereto.

Thank You
Techem Energy Services GmbH

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Connectra ICS scan bypass vulnerability posted on the Full Disclosure list, Ray [FW-1] [Newsletter]: Re: [FW-1] [Newsletter]: [FW-1] Connectra ICS scan bypass vulnerability posted on the Full Disclosure list, Mark Senior <=

Previous by Date:	Re: [FW-1] SYSTEM KERNEL MEMORY, Mark Senior
Next by Date:	[FW-1] How is FW capacity limit in IP740 IPSO3.8 with R55, Mel Cheng
Previous by Thread:	[FW-1] Connectra ICS scan bypass vulnerability posted on the Full Disclosure list, Ray
Next by Thread:	[FW-1] CA certificate renewal on NG R55, Markus Schmidt
Indexes:	[Date] [Thread] [Top] [All Lists]