On Thu, 2004-02-05 at 17:22, Bjørnar Bjørgum Larsen wrote: > see > http://xforce.iss.net/xforce/alerts/id/162 > It is in fact a bit confusing, as ISS states that any FW-1 AI installation is vulnerable, as soon as AI is enabled (which it is by default), while Checkpoint claims that only systems with the HTTP security servers enabled (which you have to do explicitly) are vulnerable. Does anybody have any reliable information about that? Does anybody know how a possible attack could work or even have a hint how to craft a snort signature? (Please excuse the irony snort::ISS, it is not intended) rgds /markus -- Markus Wernig UNIX/Network and Security Engineer -> GPG: markus.wernig.net/pubkey -> Linux User Group Bern: www.lugbe.ch -> Freie Software f. die Schweiz: wilhelmtux.ch
