VPN-1 Pro is "an integrated VPN-1 and FireWall-1 gateway, offers management capability, attack protection and traffic shaping technology. VPN-1 Pro utilizes INSPECT, the industry's most adaptive and intelligent inspection technology, to protect the privacy of business communications over the Internet while securing critical network resources against unauthorized access."
When establishing an encrypted connection to a virtual private network (VPN), it is possible for an attacker to trigger a buffer overflow vulnerability in an ASN.1 decoding library.
Credit:
The original article can be found at: http://xforce.iss.net/xforce/alerts/id/178
Vulnerable Systems:
* VPN-1/FireWall-1 NG with Application Intelligence R54
* VPN-1/FireWall-1 NG with Application Intelligence R55
* VPN-1/FireWall-1 NG with Application Intelligence R55W
* VPN-1/FireWall-1 Next Generation FP3
* VPN-1/FireWall-1 VSX FireWall-1 GX
* VPN-1 SecuRemote/SecureClient All Versions
CVE Information:
CAN-2004-0699
Internet Key Exchange (IKE) is used to negotiate and exchange keys for encrypted transport or tunneling of network traffic over a Virtual Private Network (VPN). The network protocol used to facilitate this exchange is the Internet Security Association and Key Management Protocol (ISAKMP).
Various protocol fields within ISAKMP are ASN.1 encoded and the VPN-1 server will decode these fields as part of the initial encrypted connection setup. When performing this decoding, it is possible for an attacker to trigger an arbitrary-length heap overflow which may result in complete compromise of the VPN-1 server.
This vulnerability can be triggered by an unauthenticated remote attacker through a single-packet attack. If UDP-based IKE negotiation is enabled, it may be possible for attackers to conceal the source of attacks and perform a blind-spoofed attack.
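As an added illustration (not code from the advisory, from ISS, or from Check Point), the bounds check a DER length decoder needs so that an attacker-supplied length field in a received payload can never be used to size or fill a heap buffer beyond the bytes actually present; the function name and the sample byte strings are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

enum { DER_TRUNCATED = -1, DER_BAD_LENGTH = -2 };   /* error results */

/*
 * Parse the tag and length of one DER TLV at buf[0..len) and return the
 * content length, or a negative code.  Every length the encoding claims
 * is checked against the bytes actually present, which is the check a
 * decoder needs before using that length to size or fill a heap buffer.
 * Assumes a single-byte tag (multi-byte tags are out of scope here).
 */
long der_content_length(const uint8_t *buf, size_t len)
{
    size_t pos = 1, n, i;             /* pos 0 is the tag byte */

    if (len < 2)                      /* need at least tag + length byte */
        return DER_TRUNCATED;
    if ((buf[pos] & 0x80) == 0) {     /* short form: length < 128 */
        n = buf[pos++];
    } else {                          /* long form: count of length bytes */
        size_t nbytes = buf[pos++] & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t))
            return DER_BAD_LENGTH;    /* indefinite or oversized length */
        if (nbytes > len - pos)
            return DER_TRUNCATED;     /* length bytes themselves missing */
        for (n = 0, i = 0; i < nbytes; i++)
            n = (n << 8) | buf[pos++];
        if (n < 0x80)
            return DER_BAD_LENGTH;    /* DER requires minimal encoding */
    }
    if (n > len - pos)                /* claimed contents exceed buffer */
        return DER_TRUNCATED;
    if (n > (size_t)0x7fffffff)       /* keep the value representable */
        return DER_BAD_LENGTH;
    return (long)n;
}

/* Constructed samples (not from the advisory) exercising the check. */
static const uint8_t good_octets[] = { 0x04, 0x03, 'a', 'b', 'c' };
/* long-form length claims 0x1000 content bytes but only 2 are present */
static const uint8_t oversized[]   = { 0x04, 0x82, 0x10, 0x00, 'a', 'b' };
```

A decoder that trusts the claimed length and copies that many bytes is the pattern this class of heap overflow exploits; rejecting the second sample before any copy is the defensive behaviour.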
Impact:
Compromise of VPN-1 networks may lead to exposure of confidential information, loss of productivity, and further network compromise. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks being protected by Check Point's VPN-1 product. No authentication would be required for an attacker to leverage this vulnerability to compromise a VPN, and operational VPN-1 installations will likely be vulnerable in their default configurations.
Patch Availability:
Vendor-supplied patches for the issue described in this advisory are available from: http://www.checkpoint.com/techsupport/alerts/asn1.html.