安全研究
安全漏洞
Check Point VPN-1 ISAKMP远程缓冲区溢出漏洞
发布日期:2004-05-04
更新日期:2004-05-09
受影响系统:
Check Point Software Firewall-1 VSX NG with Application Intell描述:
Check Point Software Firewall-1 VSX 2.0.1
Check Point Software Firewall-1 GX 2.0
Check Point Software Next Generation FP3 HF2
Check Point Software Next Generation FP3 HF1
Check Point Software Next Generation FP3
Check Point Software VPN-1 VSX NG with Application Intell
Check Point Software VPN-1 VSX 2.0.1
Check Point Software NG-AI R55
Check Point Software NG-AI R54
Check Point Software SecureClient NG with Application Intelligen
Check Point Software SecuRemote NG with Application Intelligen
BUGTRAQ ID: 10273
CVE(CAN) ID: CVE-2004-0469
Check Point Firewall-1是一款高性能防火墙,Checkpoint VPN-1服务端和Checkpoint VPN客户端为远程客户计算机提供VPN访问的产品。这些产品的IKE组件允许不定向或双向的两个远程接点的验证。
Check Point VPN-1产品在进行VPN通道协商时存在缓冲区溢出,远程攻击者可以利用这个漏洞以VPN进程权限在系统上执行任意指令。
在协商过程中,攻击者发送畸形ISAKMP包可触发缓冲区溢出,精心构建提交数据可能以进程权限在系统上执行任意指令。目前还没有详细漏洞细节提供。
不使用Remote Access VPNs或gateway-to-gateway VPNs的用户不受此漏洞影响。
<*来源:Check Point Software
链接:http://www.checkpoint.com/techsupport/alerts/ike_vpn.html
*>
建议:
厂商补丁:
Check Point Software
--------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Check Point Software NG-AI R55:
Check Point Software Hotfix HFA-03 for IPSO
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=IPSO%203.7&patchlevel_selected=R55%20-%20Hotfixes
For IPSO
Check Point Software Hotfix HFA-03 for Linux
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R55%20-%20Hotfixes
For Linux
Check Point Software Hotfix HFA-03 for SecurePlatform
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R55%20-%20Hotfixes
For SecurePlatform
Check Point Software Hotfix HFA-03 for Solaris
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.8&patchlevel_selected=R55%20-%20Hotfixes
For Solaris
Check Point Software Hotfix HFA-03 for Windows
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Windows%20NT&patchlevel_selected=R55%20-%20Hotfixes
For Windows
Check Point Software NG-AI R54:
Check Point Software Hotfix HFA-410 for IPSO
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=IPSO%203.7&patchlevel_selected=R54%20-%20Hotfixes
For IPSO
Check Point Software Hotfix HFA-410 for Linux
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Linux&patchlevel_selected=R54%20-%20Hotfixes
For Linux
Check Point Software Hotfix HFA-410 for SecurePlatform
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=SecurePlatform&patchlevel_selected=R54%20-%20Hotfixes
For SecurePlatform
Check Point Software Hotfix HFA-410 for Solaris
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.8&patchlevel_selected=R54%20-%20Hotfixes
For Solaris
Check Point Software Hotfix HFA-410 for Windows
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Windows%20NT&patchlevel_selected=R54%20-%20Hotfixes
For Windows
Check Point Software Next Generation FP3:
Check Point Software Hotfix HFA-325 for IPSO
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=IPSO%203.6&patchlevel_selected=FP3%20-%20Hotfixes
For IPSO
Check Point Software Hotfix HFA-325 for Linux
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Linux&patchlevel_selected=FP3%20-%20Hotfixes
For Linux
Check Point Software Hotfix HFA-325 for SecurePlatform
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=SecurePlatform%20FP3%20Edition%202&patchlevel_selected=FP3%20-%20Hotfixes
For SecurePlatform
Check Point Software Hotfix HFA-325 for Solaris
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Solaris%202.8&patchlevel_selected=FP3%20-%20Hotfixes
For Solaris
Check Point Software Hotfix HFA-325 for Windows
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG&os_selected=Windows%20NT&patchlevel_selected=FP3%20-%20Hotfixes
For Windows
Check Point Software VPN-1 VSX NG with Application Intelligence :
Check Point Software Hotfix VPN-1/FireWall-1 VSX
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1%20VSX&version_selected=VSX%20NG%20with%20Application%20Intelligence&os_selected=VSX%20NG%20with%20Application%20Intelligence%20SingleCD&patchlevel_selected
VPN-1/FireWall-1 VSX NG with Application Intelligence
Check Point Software FireWall-1 VSX NG with Application Intelligence :
Check Point Software Hotfix VPN-1/FireWall-1 VSX
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1%20VSX&version_selected=VSX%20NG%20with%20Application%20Intelligence&os_selected=VSX%20NG%20with%20Application%20Intelligence%20SingleCD&patchlevel_selected
VPN-1/FireWall-1 VSX NG with Application Intelligence
Check Point Software Hotfix VSX NG with Application Intelligence HotFix
http://www.checkpoint.com/support/downloads/bin/vpn_des/vsx/ngai/linux/vpn_hf_vsx_ngai_april_2004_linux.zip
For SecurePlatform
Check Point Software FireWall-1 GX 2.0:
Check Point Software Hotfix GX 2.0 Hotfix for IPSO
http://www.checkpoint.com/support/downloads/bin/vpn_des/gx/v2.0/ipso/cp_ike_hotfix_apr_2004_gx20_ipso.gz
For IPSO
Check Point Software Hotfix GX 2.0 Hotfix for Linux
http://www.checkpoint.com/support/downloads/bin/vpn_des/gx/v2.0/linux/cp_ike_hotfix_apr_2004_gx20_linux.gz
For Linux
Check Point Software Hotfix GX 2.0 Hotfix for SecurePlatform
http://www.checkpoint.com/support/downloads/bin/vpn_des/gx/v2.0/linux/cp_ike_hotfix_apr_2004_gx20_linux.gz
For SecurePlatform
Check Point Software Hotfix GX 2.0 Hotfix for Solaris
http://www.checkpoint.com/support/downloads/bin/vpn_des/gx/v2.0/solaris/cp_ike_hotfix_apr_2004_gx20_solaris2.gz
For Solaris
Check Point Software FireWall-1 VSX 2.0.1:
Check Point Software Hotfix VSX 2.0.1 Hotfix
http://www.checkpoint.com/support/downloads/bin/vpn_des/vsx/2.0.1/linux/vpn_hf_vsx_201_april_2004_linux.zip
For SecurePlatform
浏览次数:3799
严重程度:0(网友投票)
绿盟科技给您安全的保障