Info

Disclosure

Jul 28, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Checkpoint VPN-1/Firewall-1 software. Checkpoint VPN-1/FireWall-1 software fails to properly santize ASN.1 decoding during the initial VPN tunnel encryption setup over ISAKMP resulting in a heap overflow. With a specially crafted request, an attacker can compromise the server resulting in a loss of confidentiality and integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Checkpoint has released patches for each corresponding version to address this vulnerability.

Products

Check Point Software Technologies, Inc.	VPN-1/Firewall-1 NG with Application Intelligence	R54
	VPN-1/Firewall-1 NG with Application Intelligence	R55
	Application Intelligence VPN-1/FireWall-1 NG with Application Intelligence	R55W
	VPN-1/FireWall-1 Next Generation	FP3
	VSX FireWall-1	GX
	SecuRemote	R55
	SecureClient	R55
	SecureClient	4.1 SP5 with SSL Hotfix
	Secure Remote	4.1 SP5 with SSL Hotfix

References

Secunia Advisory ID: 12177
CVE ID: 2004-0699 (see also: NVD)
CERT VU: 435358
SCIP VulDB ID: 772
Vendor Specific Advisory URL: http://www.checkpoint.com/techsupport/alerts/asn1.html
Other Advisory URL: http://xforce.iss.net/xforce/alerts/id/178

Credit

Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs
Neel Mehta - -

Direct URL: http://osvdb.org/8290

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Check Point Software Technologies, Inc.

VPN-1/Firewall-1 NG with Application Intelligence

Application Intelligence VPN-1/FireWall-1 NG with Application Intelligence

VPN-1/FireWall-1 Next Generation

VSX FireWall-1

SecuRemote

SecureClient

Secure Remote

References

Credit