Can anybody cast some light on this issue please?


On 4th Feb an Internet Security Systems Security Advisory was released
regarding a Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
vulnerability.

Details here,

http://xforce.iss.net/xforce/alerts/id/163

In this it claimed that

"
Checkpoint VPN-1 Server 4.1 up to and including SP6 with OpenSSL
Hotfix
Checkpoint SecuRemote/SecureClient 4.1 up to and including build 4200
"

were vulnerable to this exploit.

On 7th Checkpoint refuted this and claims

"
A recently announced ISAKMP issue does not exist in recent versions of
VPN-1/FireWall-1 Next Generation (NG) FP2 and later, including all
versions of Next Generation Application Intelligence (NG AI). Nor does
this issue exist in VPN-1/FireWall-1 4.1 SP6.
"

What is the true version of events?

Is SP6 secure?

Are all 4.1 clients still vulnerable?

Getting info on this one is like pulling teeth.


FWS.