Check Point Information for VU#104280

Multiple vulnerabilities in SSL/TLS implementations

Status

Affected

Vendor Statement

Check Point products are vulnerable to:

VU#732952 09/04/2003 OpenSSL accepts unsolicited client certificate messages
VU#380864 09/30/2003 OpenSSL contains integer overflow handling ASN.1 tags (2)
VU#255484 09/30/2003 OpenSSL contains integer overflow handling ASN.1 tags (1)

A fix will be released by Oct 27th 2003.

Check Point products are not vulnerable to:

VU#686224 09/30/2003 OpenSSL does not securely handle invalid public key when configured to ignore errors
VU#935264 09/30/2003 OpenSSL ASN.1 parser insecure memory deallocation

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.
