US-CERT Vulnerability Notes Database

Vulnerability Note VU#435358

Check Point VPN-1 products contain boundary error in the ASN.1 decoding library

Overview

A vulnerability exists in Check Point's VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system.

I. Description

Check Point VPN-1 Server is a Virtual Private Network (VPN) application. A buffer overflow condition exists in an ASN.1 decoding library used by the VPN-1 software. This vulnerability could be exploited during the negotiation that establishes a new VPN connection. To exploit this vulnerability, an attacker must initiate an IKE negotiation and then send a malformed IKE packet. The exploit packet must be encrypted, which prevents signature-based detection of it. However, if Aggressive Mode IKE is implemented, this vulnerability may be exploited via a single packet.

According to ISS X-Force's advisory, the following products are reported as vulnerable:

  • VPN-1/FireWall-1 NG with Application Intelligence R54
  • VPN-1/FireWall-1 NG with Application Intelligence R55
  • VPN-1/FireWall-1 NG with Application Intelligence R55W
  • VPN-1/FireWall-1 Next Generation FP3
  • VPN-1/FireWall-1 VSX FireWall-1 GX
  • VPN-1 SecuRemote/SecureClient All Versions

For more details, please see the Check Point security alert.
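
The Description singles out Aggressive Mode IKE as the case where a single packet may suffice, so it helps to know which peers negotiate that way. The following is an added example, not code from US-CERT, ISS or Check Point: it reads the fixed 28-byte ISAKMP header (RFC 2408) of UDP/500 payloads and counts first-message Aggressive Mode exchanges (exchange type 4) per source. The packets and addresses are constructed samples, and the function names are hypothetical.

```python
import struct
from collections import Counter

# ISAKMP header, RFC 2408 section 3.1: two 8-byte cookies, next payload,
# version, exchange type, flags, message ID, total length (28 bytes).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {1: "base", 2: "main", 3: "auth-only", 4: "aggressive",
            5: "informational", 32: "quick"}

def classify(datagram):
    """Describe one UDP/500 payload, or return None if too short for ISAKMP."""
    if len(datagram) < ISAKMP_HDR.size:
        return None
    _ic, rcookie, _np, _ver, xchg, flags, _mid, length = ISAKMP_HDR.unpack_from(datagram)
    return {
        "exchange": EXCHANGE.get(xchg, "unknown(%d)" % xchg),
        "initial": rcookie == b"\x00" * 8,    # responder cookie is zero in message 1
        "encrypted": bool(flags & 0x01),      # E bit: payloads after the header are encrypted
        "length_ok": length == len(datagram), # declared length matches the datagram
    }

def aggressive_initiators(packets):
    """Count first-message Aggressive Mode negotiations per source address."""
    hits = Counter()
    for src, payload in packets:
        info = classify(payload)
        if info and info["exchange"] == "aggressive" and info["initial"]:
            hits[src] += 1
    return hits

def _hdr(xchg, rcookie=b"\x00" * 8, flags=0, body=b"", declared=None):
    """Build a constructed ISAKMP datagram for the sample data below."""
    total = ISAKMP_HDR.size + len(body)
    return ISAKMP_HDR.pack(b"\x11" * 8, rcookie, 1, 0x10, xchg, flags, 0,
                           total if declared is None else declared) + body

# Constructed sample traffic (documentation addresses, not from the advisory).
SAMPLE = [
    ("192.0.2.10", _hdr(2, body=b"\x00" * 20)),      # Main Mode, first message
    ("198.51.100.7", _hdr(4, body=b"\x00" * 40)),    # Aggressive Mode, first message
    ("198.51.100.7", _hdr(4, body=b"\x00" * 40)),
    ("192.0.2.10", _hdr(2, rcookie=b"\x22" * 8, flags=1, body=b"\x00" * 32)),
    ("203.0.113.5", b"\x00" * 10),                   # too short, ignored
]

if __name__ == "__main__":
    for src, n in aggressive_initiators(SAMPLE).items():
        print(src, "aggressive-mode initiations:", n)
```

This identifies which negotiations use Aggressive Mode; it does not recognise the malformed packet itself.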

II. Impact

A remote attacker may be able to compromise the VPN gateway system.

III. Solution

Apply the appropriate patch from Check Point's security alert to address this issue.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Check Point | Vulnerable | 2-Aug-2004

References


http://xforce.iss.net/xforce/alerts/id/178
http://www.checkpoint.com/techsupport/alerts/asn1.html
http://secunia.com/advisories/12177/
http://www.ciac.org/ciac/bulletins/o-190.shtml

Credit

Thanks to Mark Dowd and Neel Mehta of the ISS X-Force for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

Date Public: 2004-07-28
Date First Published: 2004-08-02
Date Last Updated: 2004-08-10
CERT Advisory:
CVE-ID(s): CAN-2004-0699
NVD-ID(s): CAN-2004-0699
US-CERT Technical Alerts:
Metric: 15.75
Document Revision: 6

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2004 Carnegie Mellon University