Notified: September 13, 2002 Updated: September 18, 2002
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The following response from Check Point appears in the SecuriTeam advisory: Neither the latest 4.1 nor the latest NG versions of FW-1 are vulnerable to this problem. A few details follow: 1. FW-1 does not directly analyze the body of attachments. In that respect, the vulnerability is not applicable to FW-1. 2. FW-1 has the capability to easily filter these types of messages, by specifying "message/partial" in the "Strip MIME of type:" section of the resource definition. 3. FW-1 does serve as a platform for third party vendors to check attachments for viruses via the "CVP" OPSEC mechanism. When defining a CVP server, a message box is presented to the administrator (when approving the resource) that says: "When CVP server is used it is recommended to strip MIME of type 'message/partial'. Do you want to add 'message/partial'?" Pressing "Yes" will automatically add 'message/partial' to the appropriate place in the resource definition. We therefore believe is safe to say that not only are we not vulnerable to this problem ourselves, we also protect 3rd party opsec partners from falling for this pitfall.