Reported July 28, 2004, by Internet Security Systems
A buffer-overrun vulnerability can permit remote compromise of a Check Point VPN-1 gateway. An Internet Security Association and Key Management Protocol (ISAKMP) problem affects Check Point VPN-1 products during negotiation of a VPN tunnel. When the VPN-1 server performs Abstract Syntax Notation One (ASN.1) decoding, an attacker can trigger an arbitrary-length heap overflow, which might result in complete compromise of the VPN-1 server. An unauthenticated remote attacker can trigger this vulnerability with a single packet. If UDP-based Internet Key Exchange (IKE) negotiation is enabled (aggressive mode), the attacker might be able to conceal the source of attacks and perform a blind-spoofed attack.
Discovered by Internet Security Systems.