CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Are any Check Point products affected by heartbleed bug?

  1. #1
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    13

    Are any Check Point products affected by heartbleed bug?

    I'm running VPN-1 / UTM-1 devices in a VPN configuration. Wondering if heartbleed could possibly affect my devices.

    Thanks,

    Roveer

  2. #2
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Re: Are any Check Point products affected by heartbleed bug?

    https://supportcenter.checkpoint.com...oduct=Security

    Is an SK that Check Point have published regarding this.

    The only product still under investigation is the Mobile VPN for iOS and Android.

    http://www.checkpoint.com/defense/ad...ai-09-apr.html

    Is the Advisory, although I personally think the wording could be better, as versions prior to 1.0.1 are not affected.
    As such, if you have a valid IPS subscription, then you can see if your websites are under attack.

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,659
    Rep Power
    10

    Re: Are any Check Point products affected by heartbleed bug?

    Originally posted by roveer:
    I'm running VPN-1 / UTM-1 devices in a VPN configuration. Wondering if heartbleed could possibly affect my devices.

    Thanks,

    Roveer
    The text from the SK says..

    The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not handle properly the Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys.

    This is great, but what Check Point has done kind of a crappy job of is saying why this isn't an issue.

    Long story short, all (except that Android thingie?) use some version of OpenSSL 0.9.x. If you want to see what you have on any given platform, here is how to check.

    Linux/Splat/Gaia
    rpm -qa | egrep -i openssl

    IPSO
    openssl version
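
An added example, not part of the original post or of Check Point's SK: a shell helper that checks the version strings printed by the two commands above against the range the SK quotes (OpenSSL 1.0.1 before 1.0.1g). The function names and sample lines are constructed for illustration; an `in-range` result for a distribution package still has to be checked against the vendor's advisory, because a fix can be backported without changing the upstream version string.

```sh
#!/bin/sh
# Added example (not from the thread or the SK): classify OpenSSL version
# strings against the range quoted in the SK, "1.0.1 before 1.0.1g".

# heartbleed_range STRING
# Accepts `openssl version` output or an rpm package name and prints:
#   in-range      upstream version is 1.0.1 through 1.0.1f
#   out-of-range  any other parsable version (0.9.x, 1.0.0x, 1.0.1g and later)
#   unknown       no x.y.z[letter] token found
heartbleed_range() {
    # First token shaped like 0.9.8b or 1.0.1e; suffixes such as -fips or an
    # rpm release (-16.el6) are ignored.
    _v=$(printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+[a-z]*' | head -n 1)
    case "$_v" in
        '')                   echo unknown ;;
        1.0.1|1.0.1[abcdef])  echo in-range ;;
        *)                    echo out-of-range ;;
    esac
}

# scan_versions: read one version string per line on stdin and print
# "<status><TAB><original line>" so in-range entries can be filtered out.
scan_versions() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\t%s\n' "$(heartbleed_range "$line")" "$line"
    done
}

# Constructed sample input, not collected from any real appliance.
scan_versions <<'EOF'
OpenSSL 0.9.8b 04 May 2006
openssl-0.9.7a-43.17
OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 1.0.1g 7 Apr 2014
EOF
```

On a gateway the same function can take the live output, for example `rpm -qa | egrep -i openssl | scan_versions`.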

  4. #4
    Join Date
    2012-07-10
    Posts
    27
    Rep Power
    0

    Re: Are any Check Point products affected by heartbleed bug?

    Searched for the relevant protection on my 600 appliance in the IPS tab and couldn't find it. Does Check Point really omit publishing such a critical IPS protection on this platform? Even though this appliance is not intended to protect servers to the same extent as the big ones and is more aimed at branches with clients - but how can they not publish a fix for the imho biggest security hole since the invention of the internet?

  5. #5
    Join Date
    2006-11-21
    Location
    Michigan
    Posts
    70
    Rep Power
    14

    Re: Are any Check Point products affected by heartbleed bug?

    Originally posted by aueberbacher:
    Searched for the relevant protection on my 600 appliance in the IPS tab and couldn't find it. Does Check Point really omit publishing such a critical IPS protection on this platform? Even though this appliance is not intended to protect servers to the same extent as the big ones and is more aimed at branches with clients - but how can they not publish a fix for the imho biggest security hole since the invention of the internet?
    Check sk100173: Check Point response to OpenSSL vulnerability (CVE-2014-0160)

    IPS protection

    Check Point has issued the relevant IPS update on April 09, 2014 - refer to Threat Center Advisory:
    http://www.checkpoint.com/defense/ad...ai-09-apr.html

    To locate this protection:

    SmartDashboard - go to the 'IPS' tab - expand 'By Type' - find 'OpenSSL TLS DTLS Heartbeat Information Disclosure'
    SmartDashboard - go to the 'IPS' tab - expand 'By Protocol' - expand 'IPS Software Blade' - expand 'Application Intelligence' - expand 'VPN Protocols' - click on 'SSL and TLS' - find 'OpenSSL TLS DTLS Heartbeat Information Disclosure'

    The following SmartView Tracker log will be generated (if this protection is configured to generate a log):

    Product = IPS Software Blade
    Type = Log
    Service = https (443)
    Protocol = tcp
    Protection Name = OpenSSL TLS DTLS Heartbeat Information Disclosure
    Attack = SSL Enforcement Violation
    Attack Information = OpenSSL TLS DTLS Heartbeat Information Disclosure
    CVE List = CVE-2014-0160 CVE-2014-0346
    Protection Type = Signature
    Protection ID = asm_dynamic_prop_AMSN20140408_01
    Industry Reference = CVE-2014-0160, CVE-2014-0346
