Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 IKE:INV-DER-LEN

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 IKE

Keywords

 CheckPoint VPN-1 ISAKMP Invalid DER Length

Release Date

 2004/09/01

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

IKE: CheckPoint VPN-1 ISAKMP Invalid DER Length


This signature detects attempts to exploit a known vulnerability in the ISAKMP implementation used by CheckPoint VPN-1. Attackers can send a malformed ISAKMP packet to gain control of the firewall.

Extended Description

A remote buffer overflow vulnerability is reported in Check Point VPN-1 that may allow a remote attacker to execute arbitrary code in order to gain unauthorized access. This issue results from insufficient boundary checks performed by the application when processing user-supplied data. This overflow occurs during the initial key exchange process, and can be triggered with a single UDP packet. Since ISAKMP uses the UDP transport, a spoofed source address can be used in an attack. Check Point reports that for a single packet attack to succeed, VPN-1 must be configured for aggressive mode key exchange. Without aggressive mode, an attacker must initiate a real key negotiation session. This vulnerability can lead to remote code execution in the context of the VPN-1 process. This can lead to a complete system compromise. Check Point has released an advisory and fixes for this issue.

Affected Products

  • Check Point Software Firewall-1 4.1.0 SP6
  • Check Point Software FireWall-1 GX 2.0.0
  • Check Point Software FireWall-1 GX 2.5.0
  • Check Point Software FireWall-1 Next Generation FP3
  • Check Point Software FireWall-1 VSX 2.0.1
  • Check Point Software FireWall-1 VSX NG with Application Intelligence
  • Check Point Software NG-AI R54
  • Check Point Software NG-AI R55
  • Check Point Software NG-AI R55W
  • Check Point Software Provider-1 NG with Application Intelligence R54
  • Check Point Software Provider-1 NG with Application Intelligence R55
  • Check Point Software SecureClient 4.0.0
  • Check Point Software SecureClient 4.1.0
  • Check Point Software SecureClient NG with Application Intelligence R56
  • Check Point Software SecuRemote 4.0.0
  • Check Point Software SecuRemote 4.1.0
  • Check Point Software SecuRemote NG with Application Intelligence R56
  • Check Point Software SSL Network Extender
  • Check Point Software VPN-1/Firewall-1 VSX 2.0.1
  • Check Point Software VPN-1/Firewall-1 VSX NG with AI Release 1
  • Check Point Software VPN-1/Firewall-1 VSX NG with AI Release 2
  • Check Point Software VPN-1 VSX 2.0.1
  • Check Point Software VSX FireWall-1 GX

References

  • BugTraq: 10820
  • CVE: CVE-2004-0699
  • URL: http://www.checkpoint.com/techsupport/alerts/asn1.html
  • URL: http://xforce.iss.net/xforce/alerts/id/178

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out