Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firewall-1 | Checkpoint | 4.1 (including) | 4.1 (including) |
| Firewall-1 | Checkpoint | 4.1-sp1 (including) | 4.1-sp1 (including) |
| Firewall-1 | Checkpoint | 4.1-sp2 (including) | 4.1-sp2 (including) |
| Firewall-1 | Checkpoint | 4.1-sp3 (including) | 4.1-sp3 (including) |
| Firewall-1 | Checkpoint | 4.1-sp4 (including) | 4.1-sp4 (including) |
| Firewall-1 | Checkpoint | 4.1-sp5 (including) | 4.1-sp5 (including) |
| Firewall-1 | Checkpoint | 4.1-sp5a (including) | 4.1-sp5a (including) |
| Firewall-1 | Checkpoint | next_generation_fp0 (including) | next_generation_fp0 (including) |
| Firewall-1 | Checkpoint | next_generation_fp1 (including) | next_generation_fp1 (including) |
| Vpn-1 | Checkpoint | 4.1-sp5a (including) | 4.1-sp5a (including) |
| Vpn-1 | Checkpoint | next_generation_fp0 (including) | next_generation_fp0 (including) |
| Vpn-1 | Checkpoint | next_generation_fp1 (including) | next_generation_fp1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2
- http://www.ciac.org/ciac/bulletins/o-073.shtml
- http://www.kb.cert.org/vuls/id/873334
- http://www.osvdb.org/3821
- http://www.osvdb.org/4432
- http://www.securityfocus.com/bid/9582
- http://xforce.iss.net/xforce/alerts/id/163
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14150
- http://marc.info/?l=bugtraq\u0026m=107604682227031\u0026w=2
- http://www.ciac.org/ciac/bulletins/o-073.shtml
- http://www.kb.cert.org/vuls/id/873334
- http://www.osvdb.org/3821
- http://www.osvdb.org/4432
- http://www.securityfocus.com/bid/9582
- http://xforce.iss.net/xforce/alerts/id/163
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14150