SecuRemote ISAKMP Large Certificate Request Payload

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

checkpoint

critical

NVD

Published: 2004-03-03

Updated: 2017-10-10

Summary

Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.

Vulnerable Configurations

Part	Description	Count
Application	Checkpoint Checkpoint Firewall 1 4.1 Checkpoint Firewall 1 Next_Generation_Fp0 Checkpoint Firewall 1 Next_Generation_Fp1 Checkpoint VPN 1 4.1 Checkpoint VPN 1 Next_Generation_Fp0 Checkpoint VPN 1 Next_Generation_Fp1	12

References

http://marc.info/?l=bugtraq&m=107604682227031&w=2
http://www.ciac.org/ciac/bulletins/o-073.shtml
http://www.kb.cert.org/vuls/id/873334
http://www.osvdb.org/3821
http://www.osvdb.org/4432
http://www.securityfocus.com/bid/9582
http://xforce.iss.net/xforce/alerts/id/163
https://exchange.xforce.ibmcloud.com/vulnerabilities/14150