Check Point Information for VU#873334

Check Point ISAKMP vulnerable to buffer overflow via Certificate Request



Vendor Statement

The reported issue does not exist in recent versions of VPN-1/FireWall-1 Next Generation (NG) FP2 and later, including all versions of Next Generation Application Intelligence (NG AI). Nor does this issue exist in VPN-1/FireWall-1 4.1 SP6. The issue was also fixed in the same versions of our VPN client products, SecureClient and SecuRemote.

This issue was fixed during 2002 for all our product lines. There is a very small number of customers that are still using versions prior to 4.1 SP6 and NG prior to FP2; The number of them that use VPN is significantly smaller, hence the vulnerability applies to a very small number of existing deployments.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.