Check Point response to OpenSSL Security advisory 22 September 2016
Solution

On 22 September 2016 OpenSSL released a security advisory for the following CVEs:

  • CVE-2016-6305 - SSL_peek() hang on empty record
  • CVE-2016-6307 - tls_get_message_header
  • CVE-2016-6308 - Excessive allocation of memory in dtls1_preprocess_fragment
  • CVE-2016-6303 - OOB write in MDC2_Update
  • CVE-2016-6302 - Malformed SHA512 ticket DoS
  • CVE-2016-2182 - OOB write in BN_bn2dec
  • CVE-2016-2180 - OOB read in TS_OBJ_print_bio
  • CVE-2016-2177 - Pointer arithmetic undefined behaviour
  • CVE-2016-2178 - Constant time flag not preserved in DSA signing
  • CVE-2016-2181 - CVE-2016-2179 – (D)TLS flaws

Check Point products are not vulnerable to these CVEs.

Notes:

  • CVE-2016-6304 - OCSP Status Request extension unbounded memory growth: Check Point is vulnerable, but only on the internal-facing Endpoint Management Server on version R77.30.01 / R77.30.01 HFA1 and on IPSO's Voyager portal on version MR5 (these are internal-facing and therefore exploitability is low).

    Endpoint Management Server

    IPSO Voyager

    • Only MR5 is vulnerable. MR6 will fix this and will be released in the coming months.
    • To mitigate: limit HTTPS access to the gateway.

  • CVE-2016-6306 - Certificate message OOB reads: Check Point is vulnerable, but only on the internal-facing ICA portal. The CVE is rated low (since the effect is mostly meaningless), and because this server is internal-facing, exploitability is even lower. A fix will be provided in one of the upcoming Jumbo HFs.
