Security update for Check Point for SSL-VPN clients
Check Point has published a hotfix for a vulnerability in its Check Point Deployment Agent. The vendor has classified the vulnerability as high severity. If a client uses the SSL-VPN solutions SSL Network Extender (SNX), SecureWorkSpace or Endpoint Security On-Demand, attackers can use a specially crafted server to exploit the flaw – which the firm does not describe in greater detail – in order to inject malicious code onto the client and launch it with the user's rights.
In its advisory, Check Point describes two ways of solving the problem: admins can install the hotfix on a Check Point Gateway which will replace the Deployment Agent so that clients retrieve the update themselves upon the next contact; alternatively, users can visit a given URL to directly patch their software. For further details, see Checkpoint's advisory.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
