ID
VAR-E-200407-0196
CVE
cve_id: | CVE-2004-0699 | Trust: 0.3 |
TITLE
Check Point VPN-1 ASN.1 Buffer Overflow Vulnerability
Trust: 0.3
DESCRIPTION
A remote buffer overflow vulnerability is reported in Check Point VPN-1 that may allow a remote attacker to execute arbitrary code in order to gain unauthorized access. This issue results from insufficient boundary checks performed by the application when processing user-supplied data.
This overflow occurs during the initial key exchange process, and can be triggered with a single UDP packet. Since ISAKMP uses the UDP transport, a spoofed source address can be used in an attack.
Check Point reports that for a single packet attack to succeed, VPN-1 must be configured for aggressive mode key exchange. Without aggressive mode, an attacker must initiate a real key negotiation session.
This vulnerability can lead to remote code execution in the context of the VPN-1 process, which can in turn lead to a complete system compromise.
Check Point has released an advisory and fixes for this issue.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | check | model: | point software vsx firewall-1 gx | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software vpn-1/firewall-1 vsx ng with ai release | scope: | eq | version: | 2 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1/firewall-1 vsx ng with ai release | scope: | eq | version: | 1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1/firewall-1 vsx | scope: | eq | version: | 2.0.1 | Trust: 0.3 |
vendor: | check | model: | point software vpn-1 vsx | scope: | eq | version: | 2.0.1 | Trust: 0.3 |
vendor: | check | model: | point software ssl network extender | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software securemote ng with application intelligence r56 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software securemote | scope: | eq | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software securemote | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | check | model: | point software secureclient ng with application intelligence r56 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software secureclient | scope: | eq | version: | 4.1 | Trust: 0.3 |
vendor: | check | model: | point software secureclient | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | check | model: | point software provider-1 ng with application intelligence r55 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software provider-1 ng with application intelligence r54 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software ng-ai r55w | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software ng-ai r55 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software ng-ai r54 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 vsx ng with application intelligence | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 vsx | scope: | eq | version: | 2.0.1 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 next generation fp3 | scope: | - | version: | - | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 gx | scope: | eq | version: | 2.5 | Trust: 0.3 |
vendor: | check | model: | point software firewall-1 gx | scope: | eq | version: | 2.0 | Trust: 0.3 |
EXPLOIT
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Boundary Condition Error
Trust: 0.3
CREDITS
Discovery of this vulnerability is credited to Mark Dowd and Neel Mehta of the Internet Security Systems X-Force.
Trust: 0.3
EXTERNAL IDS
db: | NVD | id: | CVE-2004-0699 | Trust: 0.3 |
db: | BID | id: | 10820 | Trust: 0.3 |
REFERENCES
url: | http://xforce.iss.net/xforce/alerts/id/178 | Trust: 0.3 |
url: | http://www.checkpoint.com/techsupport/alerts/asn1.html | Trust: 0.3 |
url: | http://www.checkpoint.com/techsupport/ | Trust: 0.3 |
SOURCES
db: | BID | id: | 10820 |
LAST UPDATE DATE
2022-07-27T09:44:13.585000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 10820 | date: | 2009-07-12T06:16:00 |
SOURCES RELEASE DATE
db: | BID | id: | 10820 | date: | 2004-07-28T00:00:00 |