Overview
A vulnerability exists in Check Point's VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system.
Description
Check Point VPN-1 Server is a Virtual Private Network (VPN) application. A buffer overflow condition exists in an ASN.1 decoding library used by the VPN-1 software. This vulnerability could be exploited during the negotiation process of establishing a new VPN connection. To exploit this vulnerability, an attacker must initiate an IKE negotiation and then send a malformed IKE packet. The exploit packet must be encrypted, which prevents its detection by using a signature. However, if Aggressive Mode IKE is implemented, this vulnerability may be exploited via a single packet. According to ISS X-Force's advisory, the following products are reported as vulnerable:
For more details, please see the Check Point security alert. |
Impact
A remote attacker may be able to compromise the VPN gateway system. |
Solution
Apply the appropriate patch from Check Point's security alert to address this issue. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Mark Dowd and Neel Mehta of the ISS X-Force for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | CVE-2004-0699 |
| Severity Metric: | 15.75 |
| Date Public: | 2004-07-28 |
| Date First Published: | 2004-08-02 |
| Date Last Updated: | 2004-08-10 14:41 UTC |
| Document Revision: | 6 |