Here's some. Not as current as the ISA one but certainly more relevant.
Hopefully you get the point
Check Point Patches Severe FireWall-1 Flaws
By Dennis Fisher
February 5, 2004
Check Point Software Technologies Ltd. on Wednesday released a fix for
a set of severe security vulnerabilities in its FireWall-1 product that
enable attackers to execute commands on the vulnerable server. ADVERTISEMENT
The problems are a group of format string flaws that appears when
FireWall-1 attempts to validate HTTP requests, according to analysts at
Internet Security Systems Inc., which discovered the flaws. Error messages
created when an invalid portion of a request is specified allow attackers to
provide their own format string specifiers. This in turn can lead to
corruption of memory and give attackers the ability to run their own code on
the server with super-user privileges.
FireWall-1 is among the more widely deployed enterprise firewalls on
the Internet.
Although ISS officials said exploiting the vulnerabilities is
difficult on some platforms, the company has developed an exploit that works
reliably. And, even failed attacks can interrupt all of the current HTTP
sessions on the FireWall-1 server.
The vulnerability affects FireWall-1 NG with Application Intelligence,
FireWall-1 4.1 and FireWall-1 HTTP Security Server, which is included with
NG FP1, 2 and 3.
ISS also found a vulnerability in an old version of Check Point's
VPN-1 product, which the company no longer supports. Check Point, based in
Ramat Gan, Israel, does not plan to release a patch for this issue.
--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
Scott Harding - MS MVP said:
Checkpoint and Watchguard have had several updates over the years as well
and usually MS fixes are the only ones people seem so upset by anyways. You
reasons are obviously personal. I also love Checkpoint and the Watchguard
boxes and many of the other hardware firewalls but in reality most of them
perform almost identically and most people choose one or the other based on
price/features and not on some personal bias
I currently have ISA and
Checkpoint(different networks) in my office and have used several scanners
including Nessus and many others and they both report the same things.
Obviously everyone will have a different opinion on this so I don't want to
squabble and typically personal experience or other factors lead people to
purchase different things but that isn't always based on fact.