Check.Point.VPN-1.ASN1.Decoding.Heap.Overflow

description-logoDescription

This indicates an attempt to exploit a heap-based buffer overflow in Check Point VPN-1.
Check Point VPN-1 has a heap-based buffer overflow in the ASN.1 decoding library. A remote attacker could execute arbitrary code on a vulnerable system with "LocalSystem" privileges, via an "IKE" packet with malformed "ASN.1" data.

affected-products-logoAffected Products

Check Point Software VSX FireWall-1 GX
Check Point Software VPN-1/Firewall-1 VSX NG with AI Release 2
Check Point Software VPN-1/Firewall-1 VSX NG with AI Release 1
Check Point Software VPN-1/Firewall-1 VSX 2.0.1
Check Point Software VPN-1 VSX 2.0.1
Check Point Software SSL Network Extender
Check Point Software SecuRemote NG with Application Intelligence R56
Check Point Software SecuRemote 4.1
Check Point Software SecuRemote 4.0
Check Point Software SecureClient NG with Application Intelligence R56
Check Point Software SecureClient 4.1
Check Point Software SecureClient 4.0
Check Point Software Provider-1 NG with Application Intelligence R55
Check Point Software Provider-1 NG with Application Intelligence R54
Check Point Software NG-AI R55W
Check Point Software NG-AI R55
Check Point Software NG-AI R54
Check Point Software FireWall-1 VSX NG with Application Intelligence
Check Point Software FireWall-1 VSX 2.0.1
Check Point Software FireWall-1 Next Generation FP3
Check Point Software FireWall-1 GX 2.5
Check Point Software FireWall-1 GX 2.0

Impact logoImpact

System compromise: remote code execution.

recomended-action-logoRecommended Actions

Apply the appropriate patch for your system.
http://www.checkpoint.com/services/techsupport/alerts/index.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)