In association with heise online

06 May 2011, 13:08

Security update for Check Point for SSL-VPN clients

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Check Point has published a hotfix for a vulnerability in its Check Point Deployment Agent. The vendor has classified the vulnerability as high severity. If a client uses the SSL-VPN solutions SSL Network Extender (SNX), SecureWorkSpace or Endpoint Security On-Demand, attackers can use a specially crafted server to exploit the flaw – which the firm does not describe in greater detail – in order to inject malicious code onto the client and launch it with the user's rights.

In its advisory, Check Point describes two ways of solving the problem: admins can install the hotfix on a Check Point Gateway which will replace the Deployment Agent so that clients retrieve the update themselves upon the next contact; alternatively, users can visit a given URL to directly patch their software. For further details, see Checkpoint's advisory.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit