Madrid, July 29, 2004 - Check Point has confirmed, at this site, the existence of a vulnerability in Check Point VPN-1 in the handling of IKE packets with ASN.1-encoded content. A remote user could exploit this vulnerability to take control of affected systems.
The Check Point advisory explains that a remote user could send a malformed IKE packet to cause a buffer overflow and run arbitrary code on the gateway. In some circumstances, a remote user could compromise security across the entire protected internal network. Systems using remote access VPNs or gateway-to-gateway VPNs are affected.
If "Aggressive Mode IKE" is implemented, a single packet could exploit the flaw. Check Point strongly discourages the use of Aggressive Mode IKE because of its inherent security limitations. On the other hand, if IKE is used without Aggressive Mode enabled, the attacker would have to initiate a real IKE negotiation to be able to launch the attack. Because the malicious IKE packet has to be encrypted as part of the IKE negotiation, the attack can't be detected using intrusion signatures.
Check Point has released the updates necessary to correct this problem in all affected systems. These are available from the Internet address above.
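The difference between Aggressive Mode and encrypted Main Mode traffic described above is visible in the fixed ISAKMP header (RFC 2408) of each UDP/500 datagram. The following Python code is an added example, not from Check Point or Panda Software; it classifies datagrams by exchange type and encryption flag so an operator can see where Aggressive Mode is in use and which packets a passive sensor cannot inspect. The function names and sample datagrams are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): cookies, next payload,
# version, exchange type, flags, message ID, length = 28 bytes.
HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
FLAG_ENCRYPTED = 0x01
ZERO_COOKIE = b"\x00" * 8

def classify_ike(datagram: bytes) -> dict:
    """Classify one UDP/500 payload from its ISAKMP header alone."""
    if len(datagram) < HDR.size:
        return {"valid": False}
    _, rcookie, _, _, xchg, flags, _, _ = HDR.unpack_from(datagram)
    encrypted = bool(flags & FLAG_ENCRYPTED)
    return {
        "valid": True,
        "exchange": EXCHANGE.get(xchg, f"unknown({xchg})"),
        "encrypted": encrypted,
        # Once the encryption flag is set the body is opaque to a sensor.
        "inspectable": not encrypted,
        # First packet of a negotiation: responder cookie is still zero.
        "initial": rcookie == ZERO_COOKIE,
    }

def review(datagrams):
    """Return (index, finding) pairs worth an operator's attention."""
    findings = []
    for i, d in enumerate(datagrams):
        c = classify_ike(d)
        if not c["valid"]:
            findings.append((i, "malformed"))
        elif c["exchange"] == "aggressive" and c["initial"]:
            findings.append((i, "aggressive-mode initiation"))
        elif c["encrypted"]:
            findings.append((i, "encrypted, payload not inspectable"))
    return findings

def make_pkt(xchg, flags, rcookie=ZERO_COOKIE, body=b""):
    # Builds a constructed sample datagram; this is not captured traffic.
    length = HDR.size + len(body)
    return HDR.pack(b"\x11" * 8, rcookie, 1, 0x10, xchg, flags, 0, length) + body

SAMPLES = [
    make_pkt(2, 0, body=b"\x00" * 8),                        # Main Mode, first packet
    make_pkt(4, 0, body=b"\x00" * 8),                        # Aggressive Mode initiation
    make_pkt(2, 1, rcookie=b"\x22" * 8, body=b"\xaa" * 16),  # later packet, encrypted
    b"\x00" * 10,                                            # truncated datagram
]
```

Seeing Aggressive Mode initiations accepted on a gateway that is not supposed to offer it is a configuration finding in its own right, independent of any signature.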
Oxygen3 24h-365d, by Panda Software
© Panda Software 2003