Reported
February 4, 2004 by ISS.
VERSIONS
AFFECTED
Checkpoint VPN-1 Server
4.1 SP6 (with OpenSSL Hotfix) and earlier
Checkpoint SecuRemote
and SecureClient 4.1, build 4200 and earlier
DESCRIPTION
A vulnerability in Checkpoint
VPN-1 Server and Client can result in the compromise of the vulnerable system.
This vulnerability exists because the product doesn't perform adequate bounds
checking, thereby triggering a simple stack overflow. This vulnerability occurs
during the handling of ISAKMP packets that have large Certificate Request
payloads. During the initial phases of an IKE negotiation, a remote
unauthenticated attacker can take advantage of this problem.
VENDOR
RESPONSE
Checkpoint has issued an
update about this vulnerability and recommends that affected users
immediately apply the available patch.
CREDIT
Discovered by Mark Dowd
and Neel Mehta.
Arbitrary Code Execution Vulnerability in Checkpoint VPN-1 Server/SecureRemote/SecureClient
0 comments
Hide comments