Check Point Software Technologies has advised all customers not using the latest version of its VPN software to upgrade immediately following the discovery of a security hole that could allow remote system access.
The vulnerability is a boundary error in the ISAKMP protocol when building access tunnels. Specially crafted packets can cause a buffer overflow and hence execution of code.
ISAKMP (Internet Security Association & Key Management Protocol) is an add-on security protocol (now being considered by the IETF) which makes external network connections safer by requiring a pair of messages to be exchanged before a link is established.
Check Point is keen to point out that customers that do not use remote access or gateway VPNs will not be affected, nor will those that have upgraded to the latest versions (VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56). It also claimed to know of no organisations that are affected.
Kieren McCarthy writes for Techworld.com