Reported July 28, 2004, by Internet Security Systems
VERSIONS AFFECTED
DESCRIPTION
A buffer-overrun vulnerability can permit remote compromise of a Check Point
VPN-1 gateway. An Internet Security Association and Key Management Protocol (ISAKMP)
problem affects Check Point VPN-1 products during negotiations of a VPN tunnel.
When the VPN-1 server performs Abstract Syntax Notation One (ASN.1) decoding, an
attacker can trigger an arbitrary-length heap overflow, which might result in
complete compromise of the VPN-1 server. Through a single-packet attack, an
unauthenticated remote attacker can trigger this vulnerability. If UDP-based
Internet Key Exchange (IKE) negotiation is enabled (aggressive mode), the
attacker might be able to conceal the source of attacks and perform a
blind-spoofed attack.
VENDOR RESPONSE
Check Point has released "ASN.1 Alert" to address this vulnerability and
recommends that affected users immediately apply the appropriate patch listed
in the bulletin.
CREDIT
Discovered by Internet Security Systems.