Buffer Overrun Vulnerability in Checkpoint VPN-1

Reported May 04, 2004, by Check Point


  • Check Point Software Technologies VPN-1 products, Release 55 (R55) and earlier

A buffer-overrun vulnerability in Check Point VPN products could let a potential attacker compromise a Check Point VPN-1 gateway. An Internet Security Association and Key Management Protocol (ISAKMP) vulnerability has been discovered that affects Check Point VPN-1 products during negotiations of a VPN tunnel. Check Point customers who don't use remote access VPNs or gateway-to-gateway VPNs or who've upgraded to current product versions (i.e., VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410, and NG FP3 HFA-325; and VPN-1 SecuRemote/SecureClient R56) aren't affected by this vulnerability.

Check Point has released the bulletin "ISAKMP Vulnerability" to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

Discovered by Check Point.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.