CVE-2004-0469
CVSS 10.0
Published: 2004-07-07 00:00:00
Last revised: 2008-09-05 16:38:30

[Original] Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation.


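[CNNVD] Check Point VPN-1 ISAKMP Remote Buffer Overflow Vulnerability (CNNVD-200407-001)

        Check Point Firewall-1 is a high-performance firewall; the Checkpoint VPN-1 server and the Checkpoint VPN client are products that provide VPN access for remote client computers. The IKE component of these products allows unidirectional or bidirectional authentication of two remote endpoints.
        Check Point VPN-1 products contain a buffer overflow in VPN tunnel negotiation; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the VPN process.
        During negotiation, an attacker who sends a malformed ISAKMP packet can trigger the buffer overflow, and carefully constructed data may execute arbitrary commands on the system with the privileges of the process. No detailed information about the vulnerability is available at present.
        Users who do not use Remote Access VPNs or gateway-to-gateway VPNs are not affected by this vulnerability.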
        

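- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]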

- CPE (Affected Platforms and Products)

cpe:/a:checkpoint:firewall-1:::vsx-ng-ai
cpe:/a:checkpoint:next_generation:::fp3
cpe:/a:checkpoint:firewall-1:2.0.1::vsx
cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence
cpe:/a:checkpoint:firewall-1:2.0::gx
cpe:/a:checkpoint:ng-ai:r54 (Checkpoint NG-AI R54)
cpe:/a:checkpoint:ng-ai:r55 (Checkpoint NG-AI R55)
cpe:/a:checkpoint:vpn-1:vsx_2.0.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0469
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0469
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-001
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/16060
(VENDOR_ADVISORY)  XF  vpn1-isakmp-bo(16060)
http://www.securityfocus.com/bid/10273
(VENDOR_ADVISORY)  BID  10273
http://www.checkpoint.com/techsupport/alerts/ike_vpn.html
(VENDOR_ADVISORY)  CHECKPOINT  20040504 ISAKMP Vulnerability

- Vulnerability Information

Check Point VPN-1 ISAKMP Remote Buffer Overflow Vulnerability
Critical  Boundary Condition Error
2004-07-07 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and Patches

        Vendor patch:
        Check Point Software
        --------------------
        The vendor has released upgrade patches that fix this security issue; download them from the vendor's site:
        Check Point Software NG-AI R55:
        Check Point Software Hotfix HFA-03 for IPSO
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=IPSO%203.7&patchlevel_selected=R55%20-%20Hotfixes

        For IPSO
        Check Point Software Hotfix HFA-03 for Linux
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R55%20-%20Hotfixes

        For Linux
        Check Point Software Hotfix HFA-03 for SecurePlatform
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R55%20-%20Hotfixes

        For SecurePlatform
        Check Point Software Hotfix HFA-03 for Solaris
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.8&patchlevel_selected=R55%20-%20Hotfixes

        For Solaris
        Check Point Software Hotfix HFA-03 for Windows
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Windows%20NT&patchlevel_selected=R55%20-%20Hotfixes

        For Windows
        Check Point Software NG-AI R54:
        Check Point Software Hotfix HFA-410 for IPSO
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=IPSO%203.7&patchlevel_selected=R54%20-%20Hotfixes

        For IPSO
        Check Point Software Hotfix HFA-410 for Linux
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R54%20-%20Hotfixes

        For Linux
        Check Point Software Hotfix HFA-410 for SecurePlatform
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R54%20-%20Hotfixes

        For SecurePlatform
        Check Point Software Hotfix HFA-410 for Solaris
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.8&patchlevel_selected=R54%20-%20Hotfixes

        For Solaris
        Check Point Software Hotfix HFA-410 for Windows
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Windows%20NT&patchlevel_selected=R54%20-%20Hotfixes

        For Windows
        Check Point Software Next Generation FP3:
        Check Point Software Hotfix HFA-325 for IPSO
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=IPSO%203.6&patchlevel_selected=FP3%20-%20Hotfixes

        For IPSO
        Check Point Software Hotfix HFA-325 for Linux
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Linux&patchlevel_selected=FP3%20-%20Hotfixes

        For Linux
        Check Point Software Hotfix HFA-325 for SecurePlatform
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=SecurePlatform%20FP3%20Edition%202&patchlevel_selected=FP3%20-%20Hotfixes

        For SecurePlatform
        Check Point Software Hotfix HFA-325 for Solaris
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Solaris%202.8&patchlevel_selected=FP3%20-%20Hotfixes

        For Solaris
        Check Point Software Hotfix HFA-325 for Windows
        
        http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Windows%20NT&patchlevel_sel

- Vulnerability Information

5883
Check Point VPN-1 Products ISAKMP Overflow
Remote / Network Access Input Manipulation, Other
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- Vulnerability Description

A remote overflow exists in Check Point VPN products. The vulnerable products fail to properly handle invalid ISAKMP packets resulting in a buffer overflow. With a specially crafted request, an attacker can trigger the vulnerability during VPN tunnel negotiation resulting in a loss of confidentiality and/or integrity.

- Timeline

2004-05-04 Unknown
Unknown Unknown

- Solution

Follow the instructions posted by the vendor to upgrade vulnerable software, as the vendor has fixed this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

Check Point VPN-1 ISAKMP Remote Buffer Overflow Vulnerability
Boundary Condition Error 10273
Yes No
2004-05-04 12:00:00 2009-07-12 04:07:00
This issue was disclosed by Check Point Software.

- Affected Program Versions

Check Point Software VPN-1 VSX NG with Application Intelligence
Check Point Software VPN-1 VSX 2.0.1
Check Point Software SecuRemote NG with Application Intelligence R56
Check Point Software SecureClient NG with Application Intelligence R56
Check Point Software NG-AI R55
Check Point Software NG-AI R54
Check Point Software Next Generation FP3 HF2
Check Point Software Next Generation FP3 HF1
Check Point Software Next Generation FP3
Check Point Software FireWall-1 VSX NG with Application Intelligence
Check Point Software FireWall-1 VSX 2.0.1
Check Point Software FireWall-1 GX 2.0

- Vulnerability Discussion

It has been reported that Check Point VPN-1 products may be prone to a remote buffer overflow vulnerability that may allow a remote attacker to execute arbitrary code in order to gain unauthorized access.

The issue is reported to present itself in Check Point VPN-1 products during negotiations of a VPN tunnel. Specifically, a buffer overflow condition may be triggered by sending a malformed ISAKMP packet during the negotiations.

Check Point Software users who do not use Remote Access VPNs or gateway-to-gateway VPNs are not vulnerable to this issue.

Due to a lack of details, further information cannot be provided at the moment. This BID will be updated as more information becomes available.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Check Point has released an alert (ISAKMP Alert) that contains pertinent details and fixes for affected customers. See referenced alert for further details.


Check Point Software NG-AI R55

Check Point Software NG-AI R54

Check Point Software VPN-1 VSX NG with Application Intelligence

Check Point Software Next Generation FP3

Check Point Software FireWall-1 VSX NG with Application Intelligence

Check Point Software FireWall-1 GX 2.0

Check Point Software FireWall-1 VSX 2.0.1

- Related References

 

 
