A vulnerability exists in Check Point's VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system.
Check Point VPN-1 Server is a Virtual Private Network (VPN) application. A buffer overflow condition exists in an ASN.1 decoding library used by the VPN-1 software. This vulnerability could be exploited during the negotiation that establishes a new VPN connection. To exploit this vulnerability, an attacker must initiate an IKE negotiation and then send a malformed IKE packet. The exploit packet must be encrypted, which prevents signature-based detection. However, if Aggressive Mode IKE is implemented, this vulnerability may be exploited via a single packet.
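Since content signatures do not help here, a gateway operator can instead inventory from the unencrypted ISAKMP header which peers open Aggressive Mode negotiations, the single-packet case noted above. The following is an added example, not code from this advisory or from Check Point; it assumes UDP/500 payloads have already been extracted from a capture, and the function names and sample datagrams are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): 28 bytes, network byte order.
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGE_TYPES = {2: "main", 4: "aggressive", 5: "informational"}
FLAG_ENCRYPTED = 0x01


def classify_ike(payload: bytes) -> dict:
    """Classify one UDP/500 payload by its ISAKMP header fields."""
    if len(payload) < ISAKMP_HEADER.size:
        return {"valid": False, "reason": "shorter than ISAKMP header"}
    (_init_cookie, resp_cookie, _next_payload, version,
     exchange, flags, _msg_id, length) = ISAKMP_HEADER.unpack_from(payload)
    return {
        "valid": True,
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_TYPES.get(exchange, f"other({exchange})"),
        # A zero responder cookie marks the first message of a negotiation.
        "first_message": resp_cookie == b"\x00" * 8,
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        # On UDP/500 the declared length should equal the datagram size.
        "length_ok": length == len(payload),
    }


def aggressive_initiations(payloads):
    """Return header summaries for payloads that open Aggressive Mode."""
    hits = []
    for p in payloads:
        info = classify_ike(p)
        if info["valid"] and info["exchange"] == "aggressive" and info["first_message"]:
            hits.append(info)
    return hits


def _sample(exchange, resp_cookie=b"\x00" * 8, flags=0, body=b"\x00" * 12):
    # Constructed sample datagram; not captured traffic.
    total = ISAKMP_HEADER.size + len(body)
    return ISAKMP_HEADER.pack(b"\x11" * 8, resp_cookie, 1, 0x10,
                              exchange, flags, 0, total) + body


SAMPLES = [_sample(2), _sample(4), _sample(4, resp_cookie=b"\x22" * 8, flags=1), b"\x00" * 10]

if __name__ == "__main__":
    for hit in aggressive_initiations(SAMPLES):
        print(hit)
```

This only shows where Aggressive Mode is reachable; it does not identify the malformed packet itself.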
According to ISS X-Force's advisory, the following products are reported as vulnerable:
For more details, please see the Check Point security alert.
A remote attacker may be able to compromise the VPN gateway system.
Apply the appropriate patch from Check Point's security alert to address this issue.
Thanks to Mark Dowd and Neel Mehta of the ISS X-Force for reporting this vulnerability.
This document was written by Jason A Rafail.
Date First Published: 2004-08-02
Date Last Updated: 2004-08-10 14:41 UTC