Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:435358
HistoryAug 02, 2004 - 12:00 a.m.

Check Point VPN-1 products contain boundary error in the ASN.1 decoding library

2004-08-0200:00:00
www.kb.cert.org
13

0.871 High

EPSS

Percentile

98.6%

JSON

Overview

A vulnerability exists in Check Point’s VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system.

Description

Check Point VPN-1 Server is a Virtual Private Network (VPN) application. A buffer overflow condition exists in an ASN.1 decoding library used by the VPN-1 software. This vulnerability could be exploited during the negotiation process of establishing a new VPN connection. To exploit this vulnerability, an attacker must initiate an IKE negotiation and then send a malformed IKE packet. The exploit packet must be encrypted, which prevents its detection by using a signature. However, if Aggressive Mode IKE is implemented, this vulnerability may be exploited via a single packet.

According to ISS X-Force’s advisory, the following products are reported as vulnerable:

* VPN-1/FireWall-1 NG with Application Intelligence R54
* VPN-1/FireWall-1 NG with Application Intelligence R55
* VPN-1/FireWall-1 NG with Application Intelligence R55W 
* VPN-1/FireWall-1 Next Generation FP3 
* VPN-1/FireWall-1 VSX FireWall-1 GX 
* VPN-1 SecuRemote/SecureClient All Versions

For more details, please see the Check Point security alert.

Impact

A remote attacker may be able to compromise the VPN gateway system.

Solution

Apply the appropriate patch from Check Point’s security alert to address this issue.

Vendor Information

435358

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Check Point __ Affected

Updated: August 02, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://www.checkpoint.com/techsupport/alerts/asn1.html&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23435358 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Mark Dowd and Neel Mehta of the ISS X-Force for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2004-0699
Severity Metric: 15.75 Date Public:

Related

checkpoint_advisories 1
cvelist 1
cve 1
nessus 1
checkpoint_advisories
checkpoint_advisories
CheckPoint VPN1 ASN 1 Decoding Heap Overflow attack - Ver2 (CVE-2004-0699)
2015-03-26 00:00:00
cvelist
cvelist
CVE-2004-0699
2004-09-14 04:00:00
cve
cve
CVE-2004-0699
2004-09-28 04:00:00
nessus
nessus
Check Point FireWall-1 4.x Multiple Vulnerabilities (OF, FS)
2004-03-02 00:00:00

0.871 High

EPSS

Percentile

98.6%

JSON
Related for VU:435358
checkpoint_advisories1cvelist1cve1nessus1