Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Check Point Information for VU#836088

Date Notified:2002-09-13
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The following response from Check Point appears in the SecuriTeam advisory:

    Neither the latest 4.1 nor the latest NG versions of FW-1 are vulnerable to this problem. A few details follow:

    1. FW-1 does not directly analyze the body of attachments. In that respect, the vulnerability is not applicable to FW-1.

    2. FW-1 has the capability to easily filter these types of messages, by specifying "message/partial" in the "Strip MIME of type:" section of the resource definition.

    3. FW-1 does serve as a platform for third party vendors to check attachments for viruses via the "CVP" OPSEC mechanism. When defining a CVP server, a message box is presented to the administrator (when approving the resource) that says:

      "When CVP server is used it is recommended to strip MIME of type 'message/partial'. Do you want to add 'message/partial'?"

      Pressing "Yes" will automatically add 'message/partial' to the appropriate place in the resource definition.

      We therefore believe is safe to say that not only are we not vulnerable to this problem ourselves, we also protect 3rd party opsec partners from falling for this pitfall.

      If you have feedback, comments, or additional information about this vulnerability, please send us email.
       

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information