Thanks for the link.

Yes, that was a rhetorical question. The certification aspect of the story is not the part I have an issue with (for the most part). Where I get confused is how did this exploit not come to light previously? Checkpoint has the largest install base in the market today. R60 has been out for sometime now (as you rightly point out) and I would hazard that at least one pen tester has taken a run at it during that time. This isn’t me beating on Checkpoint. I actually like their firewalls as well as several other vendors. If this exploit was a generic as I am to understand then it begs the question why we’re only hearing about this now.

And yes, no vendor is immune. If they were, wait 5 minutes.

Thanks for your comment.
cheers.

Have you ever submitted a product for CC/EAL “certification?” You know you pay third
party contractors to provide this service, right?

The testing performed by these vendors gets rid of the low hanging fruit; they exercise
their judgment on how they evaluate the statements of fact made regarding how and
what the vendor does to prove the system is “secure.” They don’t (and can’t) test all of
it.

Think of it as an audit checklist.

Those couple of statements ought to have answered your questions….

While I’m not defending Check Point or their apparent handling of the situation (which
is only one man’s opinion, mind you) these locally-exploitable vulnerabilities reach back
to R60. They are shipping R65.

It will be interesting to know whether the same sorts of attacks are relevant in R65 since R60 is about 2 years old. LOTS of changes since 2005…

Ah well. Another vendor, another vuln. Not really surprising, is it?

Happens to Cisco all the time, CHKP’s no different.

/Hoff

Found it very thorough, detailed and a great read.

Great question!