Check Point Information for VU#104280
Multiple vulnerabilities in SSL/TLS implementations
Check Point products are vulnerable to:
VU#732952 09/04/2003 OpenSSL accepts unsolicited client certificate messages
VU#380864 09/30/2003 OpenSSL contains integer overflow handling ASN.1 tags (2)
VU#255484 09/30/2003 OpenSSL contains integer overflow handling ASN.1 tags (1)
A fix will be released by Oct 27th 2003.
Check Point products are not vulnerable to:
VU#686224 09/30/2003 OpenSSL does not securely handle invalid public key when configured to ignore errors
VU#935264 09/30/2003 OpenSSL ASN.1 parser insecure memory deallocation
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.