ID

VAR-200409-0025


CVE

CVE-2004-0699


TITLE

Check Point VPN-1 ASN.1 Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 10820 // CNNVD: CNNVD-200409-068

DESCRIPTION

Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data. A vulnerability exists in Check Point's VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system. This issue results from insufficient boundary checks performed by the application when processing user-supplied data. This overflow occurs during the initial key exchange process, and can be triggered with a single UDP packet. Since ISAKMP uses the UDP transport, a spoofed source address can be used in an attack. Check Point reports that for a single packet attack to succeed, VPN-1 must be configured for aggressive mode key exchange. Without aggressive mode, an attacker must initiate a real key negotiation session. This vulnerability can lead to remote code execution in the context of the VPN-1 process. This can lead to a complete system compromise.

Trust: 2.79

sources: NVD: CVE-2004-0699 // CERT/CC: VU#435358 // JVNDB: JVNDB-2004-000294 // BID: 10820 // VULHUB: VHN-9129 // VULMON: CVE-2004-0699

AFFECTED PRODUCTS

vendor: checkpoint, model: firewall-1, scope: eq, version: 4.1

Trust: 1.6

vendor: checkpoint, model: vpn-1, scope: eq, version: *

Trust: 1.0

vendor: check point, model: -, scope: -, version: -

Trust: 0.8

vendor: check point, model: vpn-1/firewall-1, scope: eq, version: ng fp3

Trust: 0.8

vendor: check point, model: vpn-1/firewall-1, scope: eq, version: ng with application intelligence (r54)

Trust: 0.8

vendor: check point, model: vpn-1/firewall-1, scope: eq, version: ng with application intelligence (r55)

Trust: 0.8

vendor: check point, model: vpn-1/firewall-1, scope: eq, version: ng with application intelligence (r55w)

Trust: 0.8

vendor: checkpoint, model: vpn-1, scope: -, version: -

Trust: 0.6

vendor: check, model: point software vsx firewall-1 gx, scope: -, version: -

Trust: 0.3

vendor: check, model: point software vpn-1/firewall-1 vsx ng with ai release, scope: eq, version: 2

Trust: 0.3

vendor: check, model: point software vpn-1/firewall-1 vsx ng with ai release, scope: eq, version: 1

Trust: 0.3

vendor: check, model: point software vpn-1/firewall-1 vsx, scope: eq, version: 2.0.1

Trust: 0.3

vendor: check, model: point software vpn-1 vsx, scope: eq, version: 2.0.1

Trust: 0.3

vendor: check, model: point software ssl network extender, scope: -, version: -

Trust: 0.3

vendor: check, model: point software securemote ng with application intelligence r56, scope: -, version: -

Trust: 0.3

vendor: check, model: point software securemote, scope: eq, version: 4.1

Trust: 0.3

vendor: check, model: point software securemote, scope: eq, version: 4.0

Trust: 0.3

vendor: check, model: point software secureclient ng with application intelligence r56, scope: -, version: -

Trust: 0.3

vendor: check, model: point software secureclient, scope: eq, version: 4.1

Trust: 0.3

vendor: check, model: point software secureclient, scope: eq, version: 4.0

Trust: 0.3

vendor: check, model: point software provider-1 ng with application intelligence r55, scope: -, version: -

Trust: 0.3

vendor: check, model: point software provider-1 ng with application intelligence r54, scope: -, version: -

Trust: 0.3

vendor: check, model: point software ng-ai r55w, scope: -, version: -

Trust: 0.3

vendor: check, model: point software ng-ai r55, scope: -, version: -

Trust: 0.3

vendor: check, model: point software ng-ai r54, scope: -, version: -

Trust: 0.3

vendor: check, model: point software firewall-1 vsx ng with application intelligence, scope: -, version: -

Trust: 0.3

vendor: check, model: point software firewall-1 vsx, scope: eq, version: 2.0.1

Trust: 0.3

vendor: check, model: point software firewall-1 next generation fp3, scope: -, version: -

Trust: 0.3

vendor: check, model: point software firewall-1 gx, scope: eq, version: 2.5

Trust: 0.3

vendor: check, model: point software firewall-1 gx, scope: eq, version: 2.0

Trust: 0.3

sources: CERT/CC: VU#435358 // BID: 10820 // JVNDB: JVNDB-2004-000294 // NVD: CVE-2004-0699 // CNNVD: CNNVD-200409-068

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2004-0699
value: HIGH

Trust: 1.8

CARNEGIE MELLON: VU#435358
value: 15.75

Trust: 0.8

CNNVD: CNNVD-200409-068
value: HIGH

Trust: 0.6

VULHUB: VHN-9129
value: HIGH

Trust: 0.1

VULMON: CVE-2004-0699
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: TRUE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2004-0699
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

VULHUB: VHN-9129
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#435358 // VULHUB: VHN-9129 // VULMON: CVE-2004-0699 // JVNDB: JVNDB-2004-000294 // NVD: CVE-2004-0699 // CNNVD: CNNVD-200409-068

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200409-068

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200409-068

CONFIGURATIONS

sources: NVD: CVE-2004-0699

PATCH

title: asn1, url: http://www.checkpoint.com/techsupport/alerts/asn1.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000294

EXTERNAL IDS

db: CERT/CC, id: VU#435358

Trust: 3.4

db: NVD, id: CVE-2004-0699

Trust: 2.9

db: BID, id: 10820

Trust: 2.9

db: SECUNIA, id: 12177

Trust: 2.6

db: SECTRACK, id: 1010799

Trust: 1.8

db: OSVDB, id: 8290

Trust: 1.8

db: SECTRACK, id: 1010798

Trust: 0.8

db: JVNDB, id: JVNDB-2004-000294

Trust: 0.8

db: CNNVD, id: CNNVD-200409-068

Trust: 0.7

db: XF, id: 16824

Trust: 0.6

db: XF, id: 1

Trust: 0.6

db: CIAC, id: O-190

Trust: 0.6

db: ISS, id: 20040728 CHECK POINT VPN-1 ASN.1 DECODING REMOTE COMPROMISE

Trust: 0.6

db: VULHUB, id: VHN-9129

Trust: 0.1

db: VULMON, id: CVE-2004-0699

Trust: 0.1

sources: CERT/CC: VU#435358 // VULHUB: VHN-9129 // VULMON: CVE-2004-0699 // BID: 10820 // JVNDB: JVNDB-2004-000294 // NVD: CVE-2004-0699 // CNNVD: CNNVD-200409-068

REFERENCES

url:http://xforce.iss.net/xforce/alerts/id/178

Trust: 3.7

url:http://www.checkpoint.com/techsupport/alerts/asn1.html

Trust: 2.9

url:http://www.securityfocus.com/bid/10820

Trust: 2.7

url:http://www.kb.cert.org/vuls/id/435358

Trust: 2.7

url:http://secunia.com/advisories/12177/

Trust: 2.6

url:http://www.ciac.org/ciac/bulletins/o-190.shtml

Trust: 2.6

url:http://www.osvdb.org/displayvuln.php?osvdb_id=8290

Trust: 1.8

url:http://securitytracker.com/alerts/2004/jul/1010799.html

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16824

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0699

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0699

Trust: 0.8

url:http://www.securitytracker.com/alerts/2004/jul/1010798.html

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/16824

Trust: 0.6

url:http://www.checkpoint.com/techsupport/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CERT/CC: VU#435358 // VULHUB: VHN-9129 // VULMON: CVE-2004-0699 // BID: 10820 // JVNDB: JVNDB-2004-000294 // NVD: CVE-2004-0699 // CNNVD: CNNVD-200409-068

CREDITS

Discovery of this vulnerability is credited to Mark Dowd and Neel Mehta of the Internet Security Systems X-Force.

Trust: 0.9

sources: BID: 10820 // CNNVD: CNNVD-200409-068

SOURCES

db: CERT/CC, id: VU#435358
db: VULHUB, id: VHN-9129
db: VULMON, id: CVE-2004-0699
db: BID, id: 10820
db: JVNDB, id: JVNDB-2004-000294
db: NVD, id: CVE-2004-0699
db: CNNVD, id: CNNVD-200409-068

LAST UPDATE DATE

2023-12-18T11:11:09.710000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#435358, date: 2004-08-10T00:00:00
db: VULHUB, id: VHN-9129, date: 2017-07-11T00:00:00
db: VULMON, id: CVE-2004-0699, date: 2017-07-11T00:00:00
db: BID, id: 10820, date: 2009-07-12T06:16:00
db: JVNDB, id: JVNDB-2004-000294, date: 2007-04-01T00:00:00
db: NVD, id: CVE-2004-0699, date: 2017-07-11T01:30:23.543
db: CNNVD, id: CNNVD-200409-068, date: 2005-10-20T00:00:00

SOURCES RELEASE DATE

db: CERT/CC, id: VU#435358, date: 2004-08-02T00:00:00
db: VULHUB, id: VHN-9129, date: 2004-09-28T00:00:00
db: VULMON, id: CVE-2004-0699, date: 2004-09-28T00:00:00
db: BID, id: 10820, date: 2004-07-28T00:00:00
db: JVNDB, id: JVNDB-2004-000294, date: 2007-04-01T00:00:00
db: NVD, id: CVE-2004-0699, date: 2004-09-28T04:00:00
db: CNNVD, id: CNNVD-200409-068, date: 2004-09-28T00:00:00