CheckPoint firewall VPN-1 vulnerability (ISAKMP)
Heads up to all CheckPoint VPN-1 firewall users, this just posted today 5/4/2004...
Quote:
An ISAKMP vulnerability has been discovered affecting Check Point VPN-1 products during negotiations of a VPN tunnel which may cause a buffer overrun, potentially compromising the gateway. In certain circumstances, this compromise could allow further network compromise.
Check Point Software customers who do not use Remote Access VPNs or gateway-to-gateway VPNs, or who have upgraded to current product versions (VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56) are NOT affected by this vulnerability.
More at...
http://www.checkpoint.com/techsuppor...s/ike_vpn.html
Note: if you dont use the remote access VPN or gateway-to-gateway functions in this product you are not vulnerable.