Results 1 to 2 of 2

Thread: Check Point VPN-1 ASN.1 Buffer Overflow Vulnerability

  1. #1

    Check Point VPN-1 ASN.1 Buffer Overflow Vulnerability

    Newly released vulnerability in CheckPoint VPN-1 product that could lead to total system compromise. The vulnerability resides in the parsing of the ASN.1 data in the ISAKMP key exchange portion is affected by the vulnerability - the overflow occurs during the initial key exchange.

    Link: http://www.checkpoint.com/techsupport/alerts/asn1.html

    ASN.1 Alert
    28 Jul 2004

    An ASN.1 issue has been discovered affecting Check Point VPN-1 products during negotiations of a VPN tunnel which may cause a buffer overrun, potentially compromising the gateway. In certain circumstances, this compromise could allow further network compromise.

    Check Point Software customers who do not use Remote Access VPNs or gateway-to-gateway VPNs, or who have upgraded to current product versions (VPN-1/FireWall-1 R55 HFA-08, R54 HFA-412, and VPN-1 SecuRemote/SecureClient R56 HF1) are NOT affected by this issue.

    A single packet attack is only possible if Aggressive Mode IKE is implemented. Check Point strongly discourages the use of Aggressive Mode IKE because it has inherent security limitations.

    When using IKE without enabling Aggressive Mode, the single packet attack is not possible, as the attacker must initiate a real IKE negotiation in order to perform the attack. The malformed IKE packet of this attack vector must be encrypted, which prevents detection of it using a signature.

    At the time of this alert, Check Point is not aware of any organizations that have been affected by this issue. However, in order to protect VPN-1 Gateways, Check Point recommends that customers install an update on all enforcement modules.

    The most recent Hotfix Accumulators (HFAs) and ASN.1 Hotfixes address this issue. Software Subscription customers can download updates for affected products using the links listed below.
    http://www.checkpoint.com/techsupport/alerts/asn1.html

  2. #2
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    ric-o

    Thanks for the info.

    Interestingly enough, although probably not related, but Zone Alarm is a Check Point product as well.

    cheers
    Connection refused, try again later.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •