ISS X-Force Database: isakmp-vulnerable-vpn(14908): ISAKMP vulnerable VPN

ISAKMP vulnerable VPN

isakmp-vulnerable-vpn (14908)

Medium Risk

Description:

Internet Security Association and Key Management Protocol (ISAKMP) is a key exchange protocol. ISAKMP can contain a Vendor ID Payload, which is defined by the vendor and used for vendor identification purposes. The ISAKMP Vendor ID belongs to a VPN product that may be vulnerable to various attacks.

Consequences:

Bypass Security

Remedy:

Check Point users should install the latest versions of Next Generation (NG) and NG with Application Intelligence (NG-AI) to resolve this issue, or upgrade to the latest release of Check Point NG-AI R55. VPN-1/FireWall-1 4.1 SP5a and prior users who cannot upgrade should contact Check Point Technical Services for assistance.

Affected Check Point VPN encryption users should disable the VPN encryption and confirm that there are no objects with ISAKMP checked.

For other products not listed above, contact your VPN vendor for upgrade or patch information.

References:

Check Point Alert, February 07, 2004: ISAKMP Alert.
CIAC Information Bulletin O-073: Check Point VPN-1 Server and VPN Client Buffer Overflow Vulnerability.
Cipherica Labs Inc.: Cipherica - libike.
Internet Security Systems Security Advisory, February 4, 2004: Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow.
Request for Comment document RFC 2408 (RFC2408): RFC 2408 (RFC2408) - Internet Security Association and Key Management Prot.
The Internet Engineering Task Force: RFC 2408.

Platforms Affected:

Apple Mac OS
CheckPoint VPN-1
Cisco IOS
Compaq Tru64
Data General DG/UX
IBM AIX
IBM OS2
Linux Kernel
Microsoft Windows 2000
Microsoft Windows 2003 Server
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows XP
Novell NetWare
SCO SCO Unix
SGI IRIX
Sun Solaris
WindRiver BSDOS
HP-UX

Reported:

Jan 22, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page