CVE-1999-0675

Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host...

EUVD-2000-0807

Malware in sbrugna...

EUVD-2000-0799

Malware in sbrugna...

EUVD-2000-0798

Malware in sbrugna...

EUVD-2001-1411

Malware in sbrugna...

EUVD-2001-1476

Malware in sbrugna...

EUVD-2001-1139

Malware in sbrugna...

EUVD-2001-0923

Malware in sbrugna...

EUVD-1999-0657

Malware in sbrugna...

CheckPoint VPN1 ASN 1 Decoding Heap Overflow attack - Ver2 (CVE-2004-0699)

A buffer overflow vulnerability has been reported in Checkpoint VPN-1 and Checkpoint Firewall-1. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

Check Point Software Firewall-1 4.1 SP2 Fast Mode TCP Fragment Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2143/info Check Point Software's VPN-1 and Firewall-1 products contain a vulnerability in their Fast Mode option that may allow an attacker to bypass access control restrictions and access certain blocked services. Fast...

CheckPoint Firewall / VPN-1 information leakage

It's possible to obtain host names...

OSI Security: CheckPoint Firewall VPN - Information Disclosure

CheckPoint Firewall VPN1 - Information Disclosure Vulnerability http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure Note: this is essentially a feature, but thought it may be useful for pen testers when deciding which system to attack. Release...

CVE-2008-5849

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation PAT is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMPTIMXCEEDINTRANS aka ICMP time exceeded in-transit response containing an encapsulated IP packet...

Check Point VPN-1防火墙产品端口地址翻译信息泄露漏洞

BUGTRAQ ID: 32306 Check Point VPN-1 Power和UTM都是Check Point开发的防火墙类产品。 如果远程攻击者向VPN-1 Power和UTM所发送的特制报文被端口地址翻译（PAT）映射到内部设备上的端口的话，生成的ICMP错误报文中可能会包含有关内部网络的信息。此时如果存活时间（TTL）设置的过低的话，上述防火墙产品就无法正确的过滤ICMP报文中的封装IP头，导致泄露内部IP地址。 Check Point Software VPN-1 UTM NGX R65 Check Point Software VPN-1 Power Check Poin...

Check Point VPN-1 IP地址碰撞拒绝服务漏洞

BUGTRAQ ID: 28299 CNCAN ID:CNCAN-2008032101 Check Point VPN-1是一款集成防火墙，防病毒，入侵防护的安全解决方案。 Check Point VPN-1防火墙存在一个信息泄漏问题，远程攻击者可以利用漏洞访问不可授权访问的敏感数据。 在如下情况下会触发此漏洞： 远程访问客户端C连接到网关A，一个站到站VPN通道存在于网关A和B之间，如果远程访问客户端c有一个IP地址也定义在网关B的加密域中，就会发生碰撞：在网关B的加密域中的如上所述的IP地址的新连接会不正确的传送到远程访问客户端C，存在连接不受影响。...

CVE-2008-0662

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials...

Checkpoint VPN-1 / Firewall-1 multiple security vulnerabilities

Multiple buffer overflows / memory corruptions...

VPN-1 UTM Edge cross-site request forgery vulnerability (CVE-2007-3489)

...

CVE-2001-1431

CVE-2001-1431 affects Nokia Firewall Appliances (IPSO 3.3/3.4 and VPN-1/Firewall-1 4.1 SP3/4/5) when SYN Defender is in Active Gateway mode. The third packet of the TCP three-way handshake is not rewritten to use the NAT IP address, allowing remote attackers to gain sensitive information. Exploit...