Reported July 28, 2004, by Internet Security Systems

VERSIONS AFFECTED

  • Check Point Software Technologies VPN-1 products, Release 55 (R55) and earlier

DESCRIPTION
A buffer-overrun vulnerability can permit remote compromise of a Check Point VPN-1 gateway. The problem is in Internet Security Association and Key Management Protocol (ISAKMP) handling and affects Check Point VPN-1 products during negotiation of a VPN tunnel. When the VPN-1 server performs Abstract Syntax Notation One (ASN.1) decoding, an attacker can trigger an arbitrary-length heap overflow, which might result in complete compromise of the VPN-1 server. An unauthenticated remote attacker can trigger the vulnerability with a single packet. If UDP-based Internet Key Exchange (IKE) negotiation is enabled (aggressive mode), the attacker might be able to conceal the source of attacks and perform a blind-spoofed attack.
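The advisory does not describe the faulty decoding routine, so the following is an added illustration of the general defense against this class of bug, not Check Point code: an ASN.1 tag-length-value reader that validates the attacker-supplied length against the bytes actually received before anything is copied to the heap. The function names and the MAX_VALUE_LEN cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VALUE_LEN 4096u  /* assumed policy cap, not from the advisory */

/* Parse one ASN.1 tag-length-value header from buf[0..len).
 * On success returns 0 and sets *val / *val_len to the value bytes,
 * which are guaranteed to lie inside buf. Returns -1 on malformed input. */
int der_read_tlv(const uint8_t *buf, size_t len,
                 uint8_t *tag, const uint8_t **val, size_t *val_len)
{
    size_t pos = 0, n = 0;

    if (len < 2) return -1;
    *tag = buf[pos++];
    uint8_t first = buf[pos++];

    if (first < 0x80) {
        n = first;                        /* short form: length in one octet */
    } else {
        size_t nbytes = first & 0x7f;     /* long form: count of length octets */
        if (nbytes == 0 || nbytes > sizeof(size_t)) return -1; /* indefinite or oversized */
        if (nbytes > len - pos) return -1;                     /* length octets truncated */
        for (size_t i = 0; i < nbytes; i++)
            n = (n << 8) | buf[pos++];
    }
    if (n > len - pos) return -1;         /* declared length exceeds the packet */
    *val = buf + pos;
    *val_len = n;
    return 0;
}

/* Copy a TLV value to a fresh heap buffer sized from the validated length. */
uint8_t *der_dup_value(const uint8_t *buf, size_t len, size_t *out_len)
{
    uint8_t tag; const uint8_t *val; size_t n;
    if (der_read_tlv(buf, len, &tag, &val, &n) != 0) return NULL;
    if (n > MAX_VALUE_LEN) return NULL;   /* refuse oversized allocations */
    uint8_t *copy = malloc(n ? n : 1);
    if (copy == NULL) return NULL;
    memcpy(copy, val, n);                 /* n is bounded by both checks above */
    *out_len = n;
    return copy;
}
```

The reader accepts non-minimal long-form lengths; a strict DER decoder would reject those as well.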
 

VENDOR RESPONSE
Check Point has released "ASN.1 Alert" to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Internet Security Systems.