EUVD-2006-0262

Malware in sbrugna...

Check Point VPN-1 SecureClient 4.0/4.1 Policy Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15757/info VPN-1 SecureClient is reported prone to a policy bypass vulnerability. This issue is due to a failure of the application to securely implement remote administrator-provided policies on affected computers. This...

Check Point VPN-1 SecureClient Malformed IP Address Local Memory Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12571/info VPN-1 SecureClient is reported prone to a vulnerability that may allow local attackers to disclose sensitive memory. This can lead to various other attacks against a vulnerable computer. The vulnerability exist...

CVE-2008-0662

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials...

Design/Logic Flaw

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials...

CVE-2008-0662

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials...

CVE-2008-0662

CVE-2008-0662 affects Check Point VPN-1 SecuRemote/SecureClient NGX for Windows (R60 and R56). The Auto Local Logon feature caches credentials in the Checkpoint\SecuRemote registry key which has Everyone/Full Control permissions, enabling local users to read and reuse credentials to gain privileg...

SecureClient NGX R60 HFA 02 Supplement 2 protects against Auto Local Logon vulnerability (CVE-2008-0662)

...

CVE-2006-0255

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient could allow local privilege escalation via a malicious program.exe placed in the C:\ folder, which is executed when SecureClient launches Sr_GUI.exe. Affected product: Check Point VPN-1 SecureClient. Root cause: unquoted...

CVE-2006-0255

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the SrGUI.exe program...

Design/Logic Flaw

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the SrGUI.exe program...

CVE-2006-0255

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the SrGUI.exe program...

VPNcheckpoint.txt

Situation: Employees should be allowed to access your company network from remote by VPN. You want to make sure, that only the hardware of your own company is allowed to access the network on the VPN. This because your company hardware uses a hardened operating system personal firewall,...

CVE-2005-4093

Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint...

CVE-2005-4093

Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint...

CVE-2005-4093

CVE-2005-4093 affects Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0 and 4.1. The vulnerability allows a remote attacker to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint. The i...

[Full-disclosure] Checkpoint SecureClient NGX Security Policy can easily be disabled

Situation: Employees should be allowed to access your company network from remote by VPN. You want to make sure, that only the hardware of your own company is allowed to access the network on the VPN. This because your company hardware uses a hardened operating system personal firewall,...

Checkpoint SecureClient VPN/Firewall client race conditions

In short period between download and aplliance it's possible to overwrite client security policy file...

Check Point VPN-1 SecureClient 4.0 4.1 - Policy Bypass

Check Point VPN-1 SecureClient 4.0 4.1 - Policy Bypass source: https://www.securityfocus.com/bid/15757/info VPN-1 SecureClient is reported prone to a policy bypass vulnerability. This issue is due to a failure of the application to securely implement remote administrator-provided policies on...

Check Point VPN-1 SecureClient 4.0 < 4.1 - Policy Bypass

source: https://www.securityfocus.com/bid/15757/info VPN-1 SecureClient is reported prone to a policy bypass vulnerability. This issue is due to a failure of the application to securely implement remote administrator-provided policies on affected computers. This issue allows remote VPN users to...