Vulnerability Description
Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Checkpoint | Firewall-1 | 4.1 |
| Checkpoint | Vpn-1 | All versions |
References
- http://secunia.com/advisories/12177/
- http://securitytracker.com/alerts/2004/Jul/1010799.html
- http://www.checkpoint.com/techsupport/alerts/asn1.htmlPatchVendor Advisory
- http://www.ciac.org/ciac/bulletins/o-190.shtml
- http://www.kb.cert.org/vuls/id/435358US Government Resource
- http://www.osvdb.org/displayvuln.php?osvdb_id=8290
- http://www.securityfocus.com/bid/10820
- http://xforce.iss.net/xforce/alerts/id/178PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16824
- http://secunia.com/advisories/12177/
- http://securitytracker.com/alerts/2004/Jul/1010799.html
- http://www.checkpoint.com/techsupport/alerts/asn1.htmlPatchVendor Advisory
- http://www.ciac.org/ciac/bulletins/o-190.shtml
- http://www.kb.cert.org/vuls/id/435358US Government Resource
- http://www.osvdb.org/displayvuln.php?osvdb_id=8290
FAQ
What is CVE-2004-0699?
CVE-2004-0699 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE nego...
How severe is CVE-2004-0699?
CVE-2004-0699 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0699?
Check the references section above for vendor advisories and patch information. Affected products include: Checkpoint Firewall-1, Checkpoint Vpn-1.