TITLE:
Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA10795
VERIFY ADVISORY:
http://www.secunia.com/advisories/10795/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Check Point VPN-1 SecureClient
Check Point VPN-1 SecuRemote
Check Point VPN-1 Server 4.x
DESCRIPTION:
Mark Dowd and Neel Mehta of ISS X-Force have discovered a
vulnerability in Check Point VPN-1 Server and VPN clients,
which can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused by a boundary error in the
ISAKMP processing during authentication. This can be
exploited to cause a buffer overflow by sending packets
with an extremely large "Certificate Request" payload,
which may allow execution of arbitrary code with SYSTEM or
root privileges.
The following products are reportedly affected:
* Check Point VPN-1 Server 4.1 up to and including SP6
with OpenSSL Hotfix
* Check Point SecuRemote/SecureClient 4.1 up to and
including build 4200
SOLUTION:
Check Point no longer supports the affected versions and
therefore advises customers to upgrade to the NG versions
of the products.
PROVIDED AND/OR DISCOVERED BY:
Mark Dowd and Neel Mehta, ISS X-Force.
ORIGINAL ADVISORY:
ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/163
About:
This Advisory was delivered by Secunia as a free service
to help everybody keep their systems up to date against
the latest vulnerabilities.
Please Note:
Secunia recommends that you verify all advisories you
receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party
patches; use only those supplied by the vendor.
Regards!!
Javier Inglés
MS MVP
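Added example, not part of the Secunia advisory and not Check Point's code: a bounds-checked walk of an ISAKMP payload chain in C that rejects any length field exceeding the received datagram and flags a "Certificate Request" payload above a caller-chosen limit. Header offsets and payload type 7 follow RFC 2408; the function name, the limit parameter and the two sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ISAKMP_HDR_LEN   28u /* fixed ISAKMP header (RFC 2408, 3.1) */
#define GENERIC_HDR_LEN   4u /* next payload, reserved, 16-bit length */
#define PAYLOAD_CERT_REQ  7u /* Certificate Request payload type */

enum isakmp_verdict { ISAKMP_OK, ISAKMP_ENCRYPTED, ISAKMP_MALFORMED, ISAKMP_CR_TOO_LARGE };

/* Validate one received datagram without copying any payload data.
 * max_cr_len is a local policy limit (an assumption, not from the advisory). */
enum isakmp_verdict isakmp_check(const uint8_t *pkt, size_t len, size_t max_cr_len)
{
    if (pkt == NULL || len < ISAKMP_HDR_LEN)
        return ISAKMP_MALFORMED;
    size_t total = ((size_t)pkt[24] << 24) | ((size_t)pkt[25] << 16) | ((size_t)pkt[26] << 8) | pkt[27];
    if (total < ISAKMP_HDR_LEN || total > len)  /* header claims more than arrived */
        return ISAKMP_MALFORMED;
    if (pkt[19] & 0x01)                         /* encryption flag: chain not inspectable */
        return ISAKMP_ENCRYPTED;
    uint8_t next = pkt[16];
    size_t off = ISAKMP_HDR_LEN;
    while (next != 0) {
        if (total - off < GENERIC_HDR_LEN)      /* no room for a payload header */
            return ISAKMP_MALFORMED;
        size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (plen < GENERIC_HDR_LEN || plen > total - off)
            return ISAKMP_MALFORMED;            /* length field exceeds remaining bytes */
        if (next == PAYLOAD_CERT_REQ && plen > max_cr_len)
            return ISAKMP_CR_TOO_LARGE;
        next = pkt[off];                        /* type of the following payload */
        off += plen;
    }
    return ISAKMP_OK;
}

/* Constructed sample: header plus one 12-byte Certificate Request payload. */
static const uint8_t sample[40] = {
    [16] = PAYLOAD_CERT_REQ, [17] = 0x10, [18] = 2, [27] = 40,
    [31] = 12, [32] = 4 /* certificate type: X.509 signature */ };
/* Constructed sample: same header, payload length field claims 65535 bytes. */
static const uint8_t lying[40] = {
    [16] = PAYLOAD_CERT_REQ, [17] = 0x10, [18] = 2, [27] = 40, [30] = 0xFF, [31] = 0xFF };

int main(void) {
    printf("%d %d %d\n", isakmp_check(sample, sizeof sample, 1024),
           isakmp_check(sample, sizeof sample, 8), isakmp_check(lying, sizeof lying, 1024));
    return 0;
}
```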