Check Point VPN-1/FireWall-1 ISAKMP buffer overflow

vpn1-isakmp-bo (16060) The risk level is classified as High Risk

Description:

Check Point VPN-1/FireWall-1 is vulnerable to a buffer overflow when handling ISAKMP packets during VPN tunnel negotiation. By sending a specially crafted ISAKMP packet, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system.


Consequences:

Gain Access

Remedy:

Apply the appropriate Hotfix Accumulator (HFA) for your system, as listed in the Checkpoint Technical Support Alert dated 4 May 2004. See References.

References:

  • Checkpoint Technical Support Alert 4 May 2004: ISAKMP Vulnerability.
  • BID-10273: Check Point VPN-1 ISAKMP Remote Buffer Overflow Vulnerability
  • CVE-2004-0469: Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation.

Platforms Affected:

  • CheckPoint FireWall-1 GX 2.0
  • CheckPoint Firewall-1 VSX 2.0.1
  • CheckPoint Firewall-1 VSX NG with Application Intelligence
  • CheckPoint Next Generation FP3
  • CheckPoint NG-AI R54
  • CheckPoint NG-AI R55
  • CheckPoint VPN-1 VSX 2.0.1
  • CheckPoint VPN-1 VSX NG with Application Intelligence

Reported:

May 04, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
