Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload Buffer Overflow Vulnerability
BID:9582
Info
| Bugtraq ID: | 9582 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0040 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery credited to Mark Dowd and Neel Mehta. |

Vulnerable:
- Check Point Software VPN-1 Next Generation FP1
- Check Point Software VPN-1 Next Generation FP0
- Check Point Software VPN-1 4.1 SP6
- Check Point Software VPN-1 4.1 SP5a
- Check Point Software VPN-1 4.1 SP5
- Check Point Software VPN-1 4.1 SP4
- Check Point Software VPN-1 4.1 SP3
- Check Point Software VPN-1 4.1 SP2
- Check Point Software VPN-1 4.1 SP1
- Check Point Software VPN-1 4.1
- Check Point Software SecuRemote 4.1
- Check Point Software SecuRemote 4.0
- Check Point Software SecureClient 4.1
- Check Point Software SecureClient 4.0
- Check Point Software FireWall-1 Next Generation FP1
- Check Point Software FireWall-1 Next Generation FP0
- Check Point Software Firewall-1 4.1 SP6
- Check Point Software Firewall-1 4.1 SP5a
- Check Point Software Firewall-1 4.1 SP5
- Check Point Software Firewall-1 4.1 SP4
- Check Point Software Firewall-1 4.1 SP3
- Check Point Software Firewall-1 4.1 SP2
- Check Point Software Firewall-1 4.1 SP1
- Check Point Software Firewall-1 4.1

Not Vulnerable:
- Check Point Software VPN-1 Next Generation FP2
- Check Point Software VPN-1 4.1 SP6
- Check Point Software FireWall-1 Next Generation FP2
- Check Point Software Firewall-1 4.1 SP6

Discussion
A problem has been identified in the handling of large Certificate Request payload exchanges in Check Point VPN-1, SecuRemote, and SecureClient. Because of this, it is possible for a remote attacker to gain unauthorized access to vulnerable systems.
Exploit / POC
ISS has reported that a working proof-of-concept has been developed. However, this proof-of-concept has not been publicly released.
Solution / Fix
Check Point has stated that these versions of software are no longer supported. Affected users are advised to upgrade to the NG versions of VPN-1 Server and SecuRemote/SecureClient.
Check Point has released an alert (ISAKMP Alert) that contains pertinent details for affected customers. See the referenced alert for further details.
References
- Check Point Technical Support (Check Point Software)
- Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow (ISS)
- ISAKMP Alert (Check Point Technical Support)
- Re: Two checkpoint fw-1/vpn-1 vulns (Björnar Björgum Larsen)