Check Point VPN-1 IKE buffer overflow

vpn1-ike-bo (14150) The risk level is classified as HighHigh Risk

Description:

Check Point VPN-1 and Check Point VPN clients (SecuRemote/SecureClient) could allow an attacker to gain unauthorized access. An attacker may be able to compromise a VPN-1 server and client system running SecuRemote/SecureClient, and may be able to compromise the Check Point FireWall-1 server. Attackers will be able to run commands under the security context of the super-user, usually SYSTEM or root.


Consequences:

Gain Access

Remedy:

For vulnerability detection:

Enable the following checks in the ISS Protection Platform:
IsakmpVulnerableVpn

For Virtual Patch:

Enable the following checks in the ISS Protection Platform:
ISAKMP_Certificate_Request_Overflow

For Manual Protection:

There is no remedy or effective workaround for this vulnerability. Upgrading to the NG versions of VPN-1 Server and SecureRemote/Client will remove this vulnerability. In addition, VPN-1 users running 4.1 versions should upgrade to Service Pack 6, and NG users should upgrade to Feature Pack 2 or later.

References:

Platforms Affected:

  • CheckPoint FireWall-1 4.1
  • CheckPoint FireWall-1 4.1 SP1
  • CheckPoint FireWall-1 4.1 SP2
  • CheckPoint FireWall-1 4.1 SP5
  • CheckPoint FireWall-1 4.1 SP3
  • CheckPoint FireWall-1 4.1 SP4
  • CheckPoint FireWall-1 4.1 SP5a
  • CheckPoint FireWall-1 Next Generation FP0
  • CheckPoint FireWall-1 Next Generation FP1
  • CheckPoint VPN-1 4.1 SP5a
  • CheckPoint VPN-1 Next Generation FP0
  • CheckPoint VPN-1 Next Generation FP1

Reported:

Feb 04, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page