This problem was fixed. The fix is included in:

• Check Point R77

Check Point recommends to always upgrade to the most recent version.

For other supported versions, Check Point offers a hotfix for this issue.

Table of Contents:

• Hotfix availability
• Hotfix installation instructions

Hotfix availability

• Hotfix is available for:

  Platform	Version	Installation method
  Gaia OS	R75.47	Check Point Update Service Engine (CPUSE) Manual installation
  	R76	Manual installation only
  IPSO OS	R70.X R71.X R75.X	Manual installation only
  	R76	Manual installation only Note: Hotfix is available upon request from Check Point Support

  
  
  
• Other versions must be upgraded to one of the above versions (in order to get the most stable, secure and robust system).

Hotfix installation instructions

Note: Hotfix has to be installed on Security Gateway / each cluster member.

• Show / Hide instructions for Gaia OS - R75.47 - using CPUSE Online package
  
  

  1. Connect to the Gaia Portal on your Check Point machine and navigate to the 'Software Updates' pane - click on 'Status and Actions'.
  2. Select the hotfix package R75.47 Hotfix for sk94490 (OSPF LSA spoofing vulnerability) - click on 'Install Update' button on the toolbar.

  
  For detailed installation instructions, refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".
  
  
• Show / Hide instructions for Gaia OS - R75.47 - using CPUSE Offline package
  
  

  1. Download this CPUSE package for Offline installation (Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz).
     
     
  2. For detailed installation instructions, refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

  
  
  
• Show / Hide instructions for Gaia OS - R75.47 - using Legacy CLI
  
  

  1. Hotfix has to be installed on Security Gateway / each cluster member.
     
     

  2. Download this hotfix package:

     Platform	R75.47
     Gaia OS	(TGZ)

     
     
     
  3. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
     
     
  4. Unpack the hotfix package:
     
     [Expert@HostName]# cd /some_path_to_fix/
[Expert@HostName]# tar -zxvf Check_Point_OSPF_R75.47_HOTFIX_003.tgz
     
     
  5. Install the hotfix:
     
     [Expert@HostName]# ./SecurePlatform_HOTFIX_NAME
     
     Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
     
     
  6. Reboot the machine.

  
  
  
• Show / Hide instructions for Gaia OS - freshly installed R76 (not upgraded to R76)
  
  

  1. Hotfix has to be installed on Security Gateway / each cluster member.
     
     

  2. Download this hotfix package:

     Platform	R76
     Gaia OS	(TGZ)

     
     
     
  3. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
     
     
  4. Unpack the hotfix package:
     
     [Expert@HostName]# cd /some_path_to_fix/
[Expert@HostName]# tar -zxvf Check_Point_OSPF_R76_HOTFIX_050.tgz
     
     
  5. Install the hotfix:
     
     [Expert@HostName]# ./SecurePlatform_HOTFIX_NAME
     
     Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
     
     
  6. Reboot the machine.

  
  
  
• Show / Hide instructions for Gaia OS - upgraded to R76
  
  

  1. Hotfix has to be installed on Security Gateway / each cluster member.
     
     
  2. Check whether other hotfixes for RouteD daemon were installed. Run the following command in Clish:
     
     HostName> show routed version
     
     
  3. If the RouteD version is not routed-0.1-cp989000090, then Contact Check Point Support to get a combined Hotfix for this issue (package that will include the current hotfixes and the hotfix for OSPF LSA spoofing vulnerability).
     
     
  4. If the RouteD version is routed-0.1-cp989000090 (native version), then install the hotfix - proceed to next step.
     
     

  5. Download this hotfix package:

     Platform	R76
     Gaia OS	(TGZ)

     
     
     
  6. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
     
     
  7. Unpack the hotfix package:
     
     [Expert@HostName]# cd /some_path_to_fix/
[Expert@HostName]# tar -zxvf Check_Point_OSPF_R76_HOTFIX_050.tgz
     
     
  8. Install the hotfix (note the "-NODEP" flag at the end):
     
     [Expert@HostName]# ./SecurePlatform_HOTFIX_NAME -NODEP
     
     Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
     
     
  9. Reboot the machine.

  
  
  
• Show / Hide instructions for IPSO OS - R70.X / R71.X / R75.X
  
  

  1. Hotfix has to be installed on Security Gateway / each cluster member.
     
     

  2. Download this hotfix package:

     Platform	R70.X R71.X R75.X
     IPSO OS	(ZIP)

     
     
     
  3. Unpack the ZIP archive (ipso-6_2-BUILD.zip).
     
     
  4. Extract the ipso-6.2.tgz file.
     
     
  5. Refer to Getting Started Guide and Release Notes for Check Point IPSO 6.2 - Chapter 8 'Upgrading to Check Point IPSO 6.2'

  
  
  
• Show / Hide instructions for IPSO OS - R76
  
  

  1. Hotfix has to be installed on Security Gateway / each cluster member.
     
     
  2. Contact Check Point Support to get this hotfix package.
     
     
  3. Unpack the ZIP archive (ipso-6_2-BUILD.zip).
     
     
  4. Extract the ipso-6.2.tgz file.
     
     
  5. Refer to Getting Started Guide and Release Notes for Check Point IPSO 6.2 - Chapter 8 'Upgrading to Check Point IPSO 6.2'

Give us Feedback	Please rate this document Rating submitted [1=Worst,5=Best] Your rating was not submitted, please try again later
	Comment  Please Enter the words displayed in the image below: Please Enter the numbers you hear:   Submit Cancel Submitting rating Thank you for your feedback!