Check Point plugs VPN security hole

Security appliance vendor Check Point issued a patch on Wednesday to fix vulnerabilities that could allow hackers to take control of certain VPN and firewall appliances and gain network access.

Check Point said it discovered an ASN.1 issue in its VPN-1 products that left them vulnerable to a buffer overrun error that could be exploited while the system is setting up a secure VPN tunnel.

To exploit a buffer-overrun vulnerability, an attacker can send specially crafted packets of information to the appliance that are designed to cause confusion and create an opportunity for the attacker to take control of the product.

Check Point admits the problem "could allow further network compromise", but claims that it does not know of any companies that have been affected by the issue.

According to Check Point, customers are only at risk if Aggressive Mode IKE is implemented and they use remote access VPNs, gateway-to-gateway VPNs and have not upgraded to the latest product versions. The VPN-1/FireWall-1 R55 HFA-08, R54 HFA-412, and VPN-1 SecuRemote/SecureClient R56 HF1 are not at risk.

Check Point recommends that customers with a valid subscription download and deploy the relevant hotfix as soon as possible. Customers that have allowed their service contracts to expire can still obtain the update by contacting Check Point's technical support team.