SecurityTracker.com
Category:   Application (VPN)  >   FireWall-1/VPN-1
Vendors:   Check Point
Check Point VPN-1 SecuRemote Lets Remote Users Deny Service
SecurityTracker Alert ID:  1019666
SecurityTracker URL:  http://securitytracker.com/id/1019666
CVE Reference:   CVE-2008-1397
Updated:  Mar 26 2008
Original Entry Date:  Mar 19 2008
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): NGX R60, NGX R61, NGX R62, NGX R65, NG AI R55
Description:   A vulnerability was reported in Check Point VPN-1 SecuRemote. A remote authenticated user can cause denial of service conditions.

In certain VPN configurations, a remote authenticated user can create an IP address collision between the user's client and an IP address in the encrypted domain. This may prevent new connections to the encrypted domain or cause traffic intended for the encrypted domain to be forwarded to the remote user's client.

The vendor was notified on February 20, 2008.

Robert Mitchell of PureSecurity reported this vulnerability.

The original advisory is available at:

http://puresecurity.com.au/index.php?action=fullnews&id=5

Impact:   A remote authenticated user can prevent connections to an encrypted domain.

A remote authenticated user may be able to obtain VPN traffic.
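
A defender-side check for the address collision described above, added here as an example and not taken from SecurityTracker, PureSecurity or Check Point: it flags VPN client addresses that fall inside the encrypted domain. The network list, the session record layout and the name `find_collisions` are assumptions, and all sample data is constructed.

```python
import ipaddress

# Constructed sample: networks that make up the gateway's encrypted domain.
ENCRYPTED_DOMAIN = ["10.1.0.0/16", "192.168.50.0/24"]

# Constructed sample session records: (user, address the client presents).
SESSIONS = [
    ("alice", "172.16.8.20"),
    ("bob", "10.1.4.7"),          # inside 10.1.0.0/16
    ("carol", "192.168.50.10"),   # inside 192.168.50.0/24
    ("dave", "192.168.51.10"),    # adjacent network, no collision
    ("erin", "not-an-ip"),        # malformed record, reported separately
]


def find_collisions(sessions, domain_cidrs):
    """Return (collisions, malformed).

    collisions: (user, address, network) for every client address that
                lies inside an encrypted-domain network.
    malformed:  (user, raw_value) for records whose address does not parse,
                so they are reviewed instead of silently skipped.
    """
    # strict=False tolerates CIDRs written with host bits set (10.1.4.7/16).
    networks = [ipaddress.ip_network(c, strict=False) for c in domain_cidrs]
    collisions, malformed = [], []
    for user, raw in sessions:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            malformed.append((user, raw))
            continue
        for net in networks:
            # Membership is False when IP versions differ, so mixed
            # IPv4/IPv6 inputs are handled without extra checks.
            if addr in net:
                collisions.append((user, str(addr), str(net)))
                break
    return collisions, malformed


if __name__ == "__main__":
    hits, bad = find_collisions(SESSIONS, ENCRYPTED_DOMAIN)
    for user, addr, net in hits:
        print(f"COLLISION user={user} client_ip={addr} encrypted_domain={net}")
    for user, raw in bad:
        print(f"UNPARSABLE user={user} value={raw!r}")
```
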

Solution:   For VPN-1 Power/UTM NGX R65, upgrade to HFA_02 and install the following HotFix:

* VPN-1 Power/UTM NGX R65 HFA_02 Supplement 3 for Solaris
* VPN-1 Power/UTM NGX R65 HFA_02 Supplement 3 for Linux/SecurePlatform
* VPN-1 Power/UTM NGX R65 HFA_02 Supplement 3 for IPSO
* VPN-1 Power/UTM NGX R65 HFA_02 Supplement 3 for Windows

For VPN-1 Pro NGX R62 GA, install the following HotFix:

* VPN-1 Pro NGX R62 Supplement 3 for Solaris
* VPN-1 Pro NGX R62 Supplement 3 for Linux/SecurePlatform
* VPN-1 Pro NGX R62 Supplement 3 for IPSO
* VPN-1 Pro NGX R62 Supplement 3 for Windows

For VPN-1 Pro NGX R61, upgrade to HFA_03 and install the following HotFix:

* VPN-1 Pro NGX R61 HFA_03 Supplement 3 for Solaris
* VPN-1 Pro NGX R61 HFA_03 Supplement 3 for Linux/SecurePlatform
* VPN-1 Pro NGX R61 HFA_03 Supplement 3 for IPSO
* VPN-1 Pro NGX R61 HFA_03 Supplement 3 for Windows

For VPN-1 Pro NGX R60, upgrade to HFA_06 and install the following HotFix:

* VPN-1 Pro NGX R60 HFA_06 Supplement 3 for Solaris
* VPN-1 Pro NGX R60 HFA_06 Supplement 3 for Linux/SecurePlatform
* VPN-1 Pro NGX R60 HFA_06 Supplement 3 for IPSO
* VPN-1 Pro NGX R60 HFA_06 Supplement 3 for Windows

For VPN-1/Firewall-1 NG with AI R55, some configuration changes are provided in the vendor's advisory.

For VPN-1 Power/UTM NGX R65 with Messaging Security, contact Check Point Support.

The Check Point advisory is available at:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34579&js_peid=P-114a7ba5fd7-10001&partition=null&product=VPN-1

Vendor URL:  supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34579&js_peid=P-114a7ba5fd7-10001&partition=null&product=VPN-1
Cause:   Access control error, State error

Message History:   None.

