The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of VPN-1: denial of service and information disclosure

Synthesis of the vulnerability 

In some cases, an attacker with a SecuRemote (SecureClient, SNX) access can intercept data of a site-to-site VPN.
Impacted products: CheckPoint SecureClient, CheckPoint SecuRemote, VPN-1.
Severity of this bulletin: 2/4.
Creation date: 18/03/2008.
Références of this threat: BID-28299, CVE-2008-1397, sk34579, VIGILANCE-VUL-7677, VU#992585.

Description of the vulnerability 

A vulnerability was announced in a special configuration of VPN-1 (simplified):
 - The VPN gateway, named A, allows remote client access.
 - A site-to-site VPN is established between A and another gateway named B. The network of B is for example 192.168.1.0/24.
 - The attacker, named C, has a valid account to connect via SecuRemote (SecureClient, SNX) to A.

Attacker can then change his IP address (192.168.1.10) to one belonging to the network of B. This IP address can be translated (router).

In this case, when a user from the internal network of A tries to connect to 192.168.1.10, it connects to attacker instead of connecting to B network. Moreover, related sessions do not flow between A and B.

An attacker can thus spoof the identity of a B computer in order to obtain information and to create a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security weakness impacts software or systems such as CheckPoint SecureClient, CheckPoint SecuRemote, VPN-1.

Our Vigil@nce team determined that the severity of this threat bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of user account.

An attacker with a expert ability can exploit this threat.

Solutions for this threat 

VPN-1: hotfix and workaround.
A hotfix and workarounds are indicated in CheckPoint announce.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer security announce. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.