Two potentially damaging vulnerabilities have been found in products from Check Point Software Technologies Ltd....
Both flaws could allow remote attackers to gain access to sensitive data on private networks.
A patch is available for one of the vulnerabilities. But the second flaw exists in an unsupported product, so users need to upgrade to protect themselves. Both flaws were discovered by Internet Security Systems Inc.'s X-Force team.
The first flaw is in the HTTP Application Intelligence component in Check Point Firewall-1. It's for detecting attacks targeted at servers behind the firewall.
Attackers could exploit the flaw to modify the firewall rules or change configurations on targeted firewalls. But exploiting the vulnerability is not easy, said Mark Dowd, the X-Force research analyst who discovered the flaws.
"There are quite a few complicating factors, such as a limit on input you can submit. And only certain characters can be used in requests," he said.
The second vulnerability is in Check Point VPN-1 Server and its client, Securemote/SecureClient. The flaw is a standard buffer overflow in the ISAKMP processing component in both products. That flaw is relatively easy to exploit compared with the HTTP server flaw, Dowd said. "There are no complications. It would just take a standard exploit," he said.
A lot of damage could occur if the VPN-1 flaw is exploited. Essentially, attackers could gain control of either the VPN server or client. "They would have direct access to their internal network," Dowd said.
There are not a lot of workarounds for the vulnerabilities. Both Check Point and Dowd recommend upgrading to plug the VPN-1 flaw. There is a hotfix for the Firewall-1 vulnerability for the following versions: NG FP3 HF2, NG with Application Intelligence R54 and NG with Application Intelligence R55.
There is some irony in ISS finding the vulnerabilities in Check Point's products. The two companies compete on various levels, most notably in the intrusion detection space. ISS is a major player in the personal firewall market. Just Tuesday, the company announced its share of the worldwide corporate personal firewall/VPN software market jumped to 16.3%.
FOR MORE INFORMATION: