
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0010
          Anti-Spoofing might be enforced incorrectly in specific
                   scenarios on R75.47 Security Gateway
                              29 January 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Check Point R75.47 Security Gateway
                      Check Point R75.47 Management Server
Operating System:     Network Appliance
                      Linux variants
                      Windows
                      Solaris
Impact/Access:        Reduced Security -- Unknown/Unspecified
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-1672  
Member content until: Friday, February 28 2014

OVERVIEW

        A vulnerability has been identified in Check Point R75.47 Security 
        Gateway. [1]


IMPACT

        The vendor has provided the following details regarding this issue:
        
        "Anti-Spoofing might be enforced incorrectly on R75.47 Security Gateway
        after the following operations:
        
            - Change routing table on the Security Gateway (e.g., add a static
              route).
            - Perform the "Get - Interfaces with Topology" operation in Security
              Gateway object ('Topology' pane).
        
        This issue affects only R75.47 Security Gateway and R75.47 Management
        Server."


MITIGATION

        Check Point has provided a hotfix for R75.47.


REFERENCES

        [1] Anti-Spoofing might be enforced incorrectly in specific scenarios
            on R75.47 Security Gateway
            https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98087

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================