Vulnerability Bulletins |
Desbordamiento de búfer en el procesado de ASN.1 afecta a productos Check Point VPN-1 |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Networking |
| Affected software |
Check Point VPN-1/FireWall-1 NG Check Point VPN-1/FireWall-1 VSX NG & Application Intelligence, Check Point Provider-1 NG Check Point FireWall-1 GX v2.0 |
Description |
|
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en los productos Check Point VPN-1. La vulnerabilidad reside en el manejo de la codificación ASN.1 durante las negociaciones de un túnel VPN. La explotación de esta vulnerabilidad podría permitir a un atacante remoto comprometer un dispositivo afectado y, por lo tanto, llegar a obtener acceso a la red que hay detrás suyo. |
|
Solution |
|
|
Software update Check Point VPN-1/FireWall-1 NG & Application Intelligence R55W - ASN.1 Hotfix IPSO http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=IPSO%203.7&patchlevel_selected=R55W Linux http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R55W SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R55W Solaris http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.9&patchlevel_selected=R55W Windows http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Windows%202003&patchlevel_selected=R55W VPN-1/FireWall-1 NG & Application Intelligence R55 ASN.1 HF IPSO 3.8 http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=IPSO%203.8&patchlevel_selected=R55 Linux 3.0 (RHEL 3.0) http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux%203.0&patchlevel_selected=R55 VPN-1/FireWall-1 NG & Application Intelligence R55 HFA-08 IPSO http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=IPSO%203.7&patchlevel_selected=R55%20-%20Hotfixes Linux http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R55%20-%20Hotfixes SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R55%20-%20Hotfixes Solaris http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.9&patchlevel_selected=R55%20-%20Hotfixes Windows http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Windows%202003&patchlevel_selected=R55%20-%20Hotfixes VPN-1/FireWall-1 NG with Application Intelligence R54 HFA-412 IPSO http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=IPSO%203.7&patchlevel_selected=R54%20-%20Hotfixes Linux http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R54%20-%20Hotfixes SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R54%20-%20Hotfixes Solaris http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.9&patchlevel_selected=R54%20-%20Hotfixes Windows http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Windows%202000&patchlevel_selected=R54%20-%20Hotfixes VPN-1/FireWall-1 Next Generation FP3 ASN.1 Hotfix IPSO http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=IPSO%203.6&patchlevel_selected=FP3%20-%20Hotfixes Linux http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Linux&patchlevel_selected=FP3%20-%20Hotfixes SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=SecurePlatform%20FP3%20Edition%202&patchlevel_selected=FP3%20-%20Hotfixes Solaris http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Solaris%202.8&patchlevel_selected=FP3%20-%20Hotfixes Windows http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Windows%202000&patchlevel_selected=FP3%20-%20Hotfixes VPN-1 SecuRemote/SecureClient NG & Application Intelligence R56 HF-01 http://www.checkpoint.com/techsupport/downloads_sr.html R55 HFA-03 http://www.checkpoint.com/techsupport/downloads_sr.html Provider-1 NG & Application Intelligence R55 HFA-08 Linux http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=Provider-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R55%20-%20Hotfixes SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=Provider-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R55%20-%20Hotfixes Solaris http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=Provider-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.9&patchlevel_selected=R55%20-%20Hotfixes Provider-1 NG & Application Intelligence R54 HFA-412 Solaris http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=Provider-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.9&patchlevel_selected=R54%20-%20Hotfixes FireWall-1 GX 2.5 ASN.1 Hotfix IPSO http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.5&os_selected=IPSO&patchlevel_selected=v2.5 Linux http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.5&os_selected=Linux&patchlevel_selected=v2.5 SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.5&os_selected=SecurePlatform&patchlevel_selected=v2.5 Solaris http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.5&os_selected=Solaris&patchlevel_selected=v2.5 Windows http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.5&os_selected=Windows&patchlevel_selected=v2.5 FireWall-1 GX 2.0 ASN.1 Hotfix IPSO http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.0&os_selected=IPSO&patchlevel_selected=NG%20FP2%20-%20v2.0 Linux http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.0&os_selected=Linux&patchlevel_selected=NG%20FP2%20-%20v2.0 SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.0&os_selected=SecurePlatform&patchlevel_selected=NG%20FP2%20-%20v2.0 Solaris http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.0&os_selected=Solaris&patchlevel_selected=NG%20FP2%20-%20v2.0 Windows http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=FireWall-1%20GX&version_selected=v2.0&os_selected=Windows&patchlevel_selected=NG%20FP2%20-%20v2.0 SSL Network Extender Linux http://staging.us.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=SSL%20Network%20Extender&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R55 SecurePlatform http://staging.us.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=SSL%20Network%20Extender&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R55 Solaris http://staging.us.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=SSL%20Network%20Extender&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.9&patchlevel_selected=R55 Windows http://staging.us.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=SSL%20Network%20Extender&version_selected=NG%20with%20Application%20Intelligence&os_selected=Windows%202003&patchlevel_selected=R55 VPN-1/FireWall-1 VSX NG with Application Intelligence Release 2 ASN.1 Hotfix IPSO http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1%20VSX&version_selected=VSX%20NG%20with%20Application%20Intelligence%20Release%202&os_selected=IPSO%203.7&patchlevel_selected=VPN-1%20VSX%20Release%202 VPN-1/FireWall-1 VSX NG with Application Intelligence ASN.1 Hotfix SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1%20VSX&version_selected=VSX%20NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=Initial%20Release VPN-1/FireWall-1 VSX 2.0.1 ASN.1 Hotfix Linux http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1%20VSX&version_selected=VSX%202.0.1&os_selected=VSX%202.0.1%20SingleCD&patchlevel_selected=Initial%20Release%20-%20Hotfixes SecurePlatform http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1%20VSX&version_selected=VSX%202.0.1&os_selected=VSX%202.0.1%20SingleCD&patchlevel_selected=Initial%20Release%20-%20Hotfixes |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0699 |
| BID | 10820 |
Other resources |
|
|
Check Point July 28, 2004 ASN.1 Alert http://www.checkpoint.com/techsupport/alerts/asn1.html Internet Security Systems Protection Advisory http://xforce.iss.net/xforce/alerts/id/178 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-07-29 |
| 1.1 | Añadido aviso publicado por ISS. CAN añadido. | 2004-07-30 |