Check Point hit by VPN vulnerability
Published: 10 May 2004 13:55 BST
Companies that use one of Check Point's virtual private networking applications have been urged to patch their systems after the discovery of a security hole in the products.
The vulnerability could allow a hacker to break into a supposedly secure connection set up through one of Check Point's VPN-1 applications, the company warned last week. In some circumstances, a company's wider network could also be under threat.
Customers who have already upgraded to one of the latest versions of Check Point's VPN-1 range should be safe, but those who haven't should visit the company's Web site to download a fix. Windows, Linux, Solaris, SecurePlatform and IPSO versions are all affected.
"Check Point knows of no organisations that have had systems affected by this issue. However, in order to protect VPN-1 Gateways, Check Point recommends that customers install an update on all enforcement modules," said the company.
The flaw in question concerns ISAKMP (Internet Security Association and Key Management Protocol), the networking protocol that allows the VPN server and client to confirm each other's identity by exchanging a key before the secure connection is set up.
If an unpatched server receives a specially engineered packet during the ISAKMP negotiations, this causes a buffer overrun that compromises the security of the VPN link.
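The article does not say which part of the ISAKMP packet triggers the overrun. As an added example (not Check Point's code and not a reconstruction of this flaw), the C code below shows the bounds checks a receiver applies to the length fields of an unencrypted ISAKMP message before touching its payloads, using the header layout from RFC 2408; the function names and the sample packet are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN  28u   /* fixed header size, RFC 2408 section 3.1 */
#define GENERIC_HDR_LEN 4u    /* next payload, reserved, 2-byte length */
#define FLAG_ENCRYPTED  0x01u /* E bit in the flags octet */

/* Returns the number of payloads walked, or -1 if any length field is
 * inconsistent with the bytes actually received. Never reads past len. */
int isakmp_validate(const uint8_t *pkt, size_t len) {
    if (len < ISAKMP_HDR_LEN) return -1;
    uint32_t total = ((uint32_t)pkt[24] << 24) | ((uint32_t)pkt[25] << 16) | ((uint32_t)pkt[26] << 8) | pkt[27];
    if (total < ISAKMP_HDR_LEN || total > len) return -1;  /* declared vs. received */
    if (pkt[19] & FLAG_ENCRYPTED) return 0;   /* body is ciphertext: do not walk it */
    uint8_t next = pkt[16];                   /* type of the first payload */
    size_t off = ISAKMP_HDR_LEN;
    int count = 0;
    while (next != 0) {
        if (total - off < GENERIC_HDR_LEN) return -1;      /* header would overrun */
        size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (plen < GENERIC_HDR_LEN || plen > total - off) return -1;
        next = pkt[off];                      /* type of the following payload */
        off += plen;
        count++;
    }
    return off == total ? count : -1;         /* reject unexplained trailing bytes */
}

/* Constructed sample: header plus one 8-byte SA payload (type 1) whose
 * length field is set to declared_plen. Returns the validator's verdict. */
int check_sample(uint16_t declared_plen) {
    uint8_t pkt[ISAKMP_HDR_LEN + 8] = {0};
    memset(pkt, 0xA5, 8);                         /* initiator cookie */
    pkt[16] = 1; pkt[17] = 0x10; pkt[18] = 2;     /* SA payload, v1.0, Identity Protection */
    pkt[27] = (uint8_t)sizeof pkt;                /* declared total length = 36 */
    pkt[ISAKMP_HDR_LEN + 2] = (uint8_t)(declared_plen >> 8);
    pkt[ISAKMP_HDR_LEN + 3] = (uint8_t)(declared_plen & 0xFF);
    return isakmp_validate(pkt, sizeof pkt);
}

int main(void) {
    printf("honest=%d oversized=%d undersized=%d\n",
           check_sample(8), check_sample(0xFFFF), check_sample(2));
    return 0;
}
```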