Check Point Patches Buffer Overflows
A buffer overflow vulnerability in Check Point's virtual private network (VPN) products could put users at risk of network takeover, the company warned in an advisory.
Check Point, which provides perimeter security software for corporate networks, confirmed the existence of the flaw in the way its VPN
"In certain circumstances, this compromise could allow further network compromise," Check Point said in an alert posted online. The company also issued patches to correct the flaw.
Check Point described the vulnerability as an ASN.1
"When using IKE without enabling Aggressive Mode, the single packet attack is not possible, as the attacker must initiate a real IKE negotiation in order to perform the attack. The malformed IKE packet of this attack vector must be encrypted, which prevents detection of it using a signature," the company said.
Check Point said it was unaware of any active exploits targeting its customers.
Customers who do not use Remote Access VPNs or gateway-to-gateway VPNs, or who have upgraded to current product versions (VPN-1/FireWall-1 R55 HFA-08, R54 HFA-412, and VPN-1 SecuRemote/SecureClient R56 HF1) are not affected by this issue, Check Point said.