Email this article   Print article 

Check Point Fixes End-Point Security Flaw

By Kevin McLaughlin, CRN
January 26, 2007    3:41 PM ET

Check Point Software Technologies has patched a vulnerability in its Connectra and VPN-1 Power/UTM products that could enable attackers to bypass the software's end-point security measures.

The flaw affects Check Point's Integrity Clientless Security (ICS) technology, which performs security checks on devices before allowing them to connect. ICS doesn't properly perform this scan, which could allow attackers to log in to the network with an infected machine, according to a Monday post on the Full Disclosure mailing list.

Attackers could watch network traffic and intercept cookie data and then use it to build a specially rigged HTTP POST request with a valid report. When submitted, the request would enable attackers to bypass security restrictions, according to a Symantec Deepsight bulletin issued Thursday.

Israel-based Check Point has released fixes for the Connectra and VPN-1 vulnerabilities.

Symantec's Deepsight threat tracking system assigned the flaw a severity rating of 7.8 on a 10-point scale. The National Vulnerability Database weighed in with a CVSS base score of 7 on a 10-point scale. However, Danish security research firm Secunia downplayed the threat, calling it "less critical," or 2 on a 5-point scale.


Email this article   Print article 

More Security

Recent Articles

Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange

Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet.

How To Sell IT Security Services To Your Customers

Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks.

Cybersecurity Experts: What They Know Could Scare You

A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace.

  More Slide Shows




Related Videos
Loading...