Check Point VPN-1/SecuRemote contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to improper handling of ISAKMP packets with large Certificate Request payloads from remote hosts. If an attacker sends a specially crafted request they may be able to overflow a buffer and execute arbitrary commands with SYSTEM privilegs.
Classification
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Security Software
Solution
Upgrade to version 4.1 SP6, NG FP2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
iss.net - ISS X-Force Research