This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NaderAlly
Participant
‎2018-08-16 12:06 PM

SegmentSmack and FragmentSmack - sk134253

Hi,

If you're using a perimeter Security Gateway, then you should read the sk134253 - Check Point response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391) and patch your device!

5 Replies
Danny
Champion
Champion
‎2018-08-16 01:26 PM

Thanks Check Point for responding to this so quickly.

Awaiting updated Jumbo Hotfix Takes soon to solve the issue asap.

0 Kudos
Yonatan_Philip
Employee Alumnus
Employee Alumnus
‎2018-08-17 02:12 AM
In response to Danny

The hotfix is already available on CPUSE and is a recommended update - this is also mentioned In the SmartConsole in the Gateways & Servers tab.

HTH 

 Yonatan

Josh_Browning
Explorer
‎2018-08-17 10:29 AM

Hmm, still running R77.30 and below jumbo hotfix 317. Does anyone know if this hotfix will be released or a workaround where 317 is not required as part of installing this hotfix?

0 Kudos
NaderAlly
Participant
‎2018-08-17 10:52 AM
In response to Josh_Browning

Have you tried to contact CP support? Based on their statement for R77.30 Jumbo HF Take lower than 317 - Check Point recommends to update to the latest Jumbo Hotfix Accumulator Take and install the Hotfix or contact Check Point Support

0 Kudos
Dan_Roddy
Collaborator
‎2018-08-20 07:58 AM

Can you provide more info on this from sk134253?

"SegmentSmack could only be applied on a connection with protection that requires Active Steaming (SSL Inspection, Check Point Proxy, VoIP, Header Spoofing) and either this TCP connection is allowed to the internal network or local user is tricked to connect to a remote malicious server."

What does this mean?  Are you saying there is a risk of a successful connection that will not be detected by SSL inspection?  Can you please state what could happen with certainty?

Thank you,

Dan Roddy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫