Jump to content


Photo

Checkpoint VPN-1 ASN.1 vuln/Hotfix available


  • Please log in to reply
No replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,569 posts

Posted 30 July 2004 - 06:50 AM

FYI...from the Internet Storm Center:

- http://isc.sans.org/...date=2004-07-29
Updated July 30th 2004 02:30 UTC
"Checkpoint VPN-1 ASN.1 vulnerability
Yesterday afternoon, Checkpoint released a bulletin detailing a newly discovered vulnerability in ASN.1 handling in current versions of VPN-1 (specifically NG_AI R55W, NG_AI R55, NG_AI R54, NG FP3, GSX, etc. essentially all versions of NG), this is a completely different vulnerability from the ASN.1 issue several months ago. The bulletin reiterates previous advice recommending against the use of Aggressive Mode IKE. In this case, if aggressive mode is enabled, a 1 packet exploit might be possible. A hot fix has been released that addresses the vulnerability and should be applied as soon as practical on VPN-1 devices that face public networks. We've just received confirmation that version 4.1 is NOT affected by this vulnerability..."

>>> http://www.checkpoin...lerts/asn1.html

.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button