Reported February 4, 2004 by ISS.
Checkpoint VPN-1 Server 4.1 SP6 (with OpenSSL Hotfix) and earlier
Checkpoint SecuRemote and SecureClient 4.1, build 4200 and earlier
A vulnerability in Checkpoint VPN-1 Server and Client can result in the compromise of the vulnerable system. The vulnerability exists because the product does not perform adequate bounds checking, which allows a simple stack overflow. It occurs during the handling of ISAKMP packets that have large Certificate Request payloads. A remote unauthenticated attacker can take advantage of this problem during the initial phases of an IKE negotiation.
Discovered by Mark Dowd and Neel Mehta.
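The kind of bounds check the description says was inadequate, as an added example (not the vendor's code and not part of the original report): a parser that walks the ISAKMP payload chain as laid out in RFC 2408 and rejects a Certificate Request payload whose data would not fit the destination buffer. The 256-byte `CA_BUF_LEN` and both function names are assumptions; `build_sample` only constructs test input in memory.

```c
#include <stdint.h>
#include <string.h>
#define ISAKMP_HDR_LEN 28   /* fixed ISAKMP header (RFC 2408) */
#define GEN_HDR_LEN    4    /* next payload, reserved, 16-bit length */
#define PAYLOAD_CR     7    /* Certificate Request payload type */
#define CA_BUF_LEN     256  /* assumed size of the receiver's buffer */

/* Copy the Certificate Authority field of the first Certificate Request
 * payload into out[CA_BUF_LEN]. Returns the number of bytes copied,
 * -1 if malformed, -2 if the field exceeds the buffer, -3 if absent. */
int extract_cert_request(const uint8_t *pkt, size_t len, uint8_t *out)
{
    if (len < ISAKMP_HDR_LEN) return -1;
    uint8_t type = pkt[16];                 /* type of the first payload */
    size_t off = ISAKMP_HDR_LEN;
    while (type != 0) {
        if (len - off < GEN_HDR_LEN) return -1;
        size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        /* declared length must cover its own header and fit the datagram */
        if (plen < GEN_HDR_LEN || plen > len - off) return -1;
        if (type == PAYLOAD_CR) {
            if (plen < GEN_HDR_LEN + 1) return -1;  /* needs cert type byte */
            size_t ca_len = plen - GEN_HDR_LEN - 1;
            if (ca_len > CA_BUF_LEN) return -2;     /* bound before the copy */
            memcpy(out, pkt + off + GEN_HDR_LEN + 1, ca_len);
            return (int)ca_len;
        }
        type = pkt[off];                    /* next payload type */
        off += plen;
    }
    return -3;
}

/* Constructed test input: header plus one Certificate Request payload with
 * ca_len data bytes; `declared` is the value written to its length field. */
size_t build_sample(uint8_t *buf, uint16_t ca_len, uint16_t declared)
{
    size_t total = ISAKMP_HDR_LEN + GEN_HDR_LEN + 1 + ca_len;
    memset(buf, 0, total);
    buf[16] = PAYLOAD_CR;                   /* first payload type */
    buf[17] = 0x10; buf[18] = 2;            /* version 1.0, main mode */
    buf[25] = (uint8_t)(total >> 16);       /* header length field, */
    buf[26] = (uint8_t)(total >> 8); buf[27] = (uint8_t)total;
    buf[ISAKMP_HDR_LEN + 2] = (uint8_t)(declared >> 8);
    buf[ISAKMP_HDR_LEN + 3] = (uint8_t)declared;
    buf[ISAKMP_HDR_LEN + 4] = 4;            /* cert type: X.509 signature */
    memset(buf + ISAKMP_HDR_LEN + 5, 0xAA, ca_len);
    return total;
}
```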