Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload Buffer Overflow Vulnerability

BID:9582

Info

Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload Buffer Overflow Vulnerability

Bugtraq ID: 9582
Class: Boundary Condition Error
CVE: CVE-2004-0040
Remote: Yes
Local: No
Published: Feb 05 2004 12:00AM
Updated: Jul 12 2009 02:06AM
Credit: Discovery credited to Mark Dowd and Neel Mehta.
Vulnerable: Check Point Software VPN-1 Next Generation FP1
Check Point Software VPN-1 Next Generation FP0
Check Point Software VPN-1 4.1 SP6
Check Point Software VPN-1 4.1 SP5a
Check Point Software VPN-1 4.1 SP5
Check Point Software VPN-1 4.1 SP4
Check Point Software VPN-1 4.1 SP3
Check Point Software VPN-1 4.1 SP2
Check Point Software VPN-1 4.1 SP1
Check Point Software VPN-1 4.1
Check Point Software SecuRemote 4.1
Check Point Software SecuRemote 4.0
Check Point Software SecureClient 4.1
Check Point Software SecureClient 4.0
Check Point Software FireWall-1 Next Generation FP1
Check Point Software FireWall-1 Next Generation FP0
Check Point Software Firewall-1 4.1 SP6
Check Point Software Firewall-1 4.1 SP5a
Check Point Software Firewall-1 4.1 SP5
Check Point Software Firewall-1 4.1 SP4
Check Point Software Firewall-1 4.1 SP3
Check Point Software Firewall-1 4.1 SP2
Check Point Software Firewall-1 4.1 SP1
Check Point Software Firewall-1 4.1
Not Vulnerable: Check Point Software VPN-1 Next Generation FP2
Check Point Software VPN-1 4.1 SP6
Check Point Software FireWall-1 Next Generation FP2
Check Point Software Firewall-1 4.1 SP6

Discussion

Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload Buffer Overflow Vulnerability

A problem has been identified in the handling of large Certificate Request payload exchanges in Check Point VPN-1, SecuRemote, and SecureClient. Because of this, it is possible for a remote attacker to gain unauthorized access to vulnerable systems.

Exploit / POC

Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload Buffer Overflow Vulnerability

ISS has reported that a working proof-of-concept has been developed. However, this proof-of-concept has not been publicly released.

Solution / Fix

Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload Buffer Overflow Vulnerability

Solution:
Check Point has stated that these versions of software are no longer supported. Affected users are advised to upgrade to the NG versions of VPN-1 Server and SecureRemote/SecureClient.

Check Point has released an alert (ISAKMP Alert) that contains pertinent details for affected customers. See referenced alert for further details.

References

Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload Buffer Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report