Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Updated(2): Checkpoint VPN-1 ASN.1 vulnerability, RADIUS and wireless, reminder about home routers SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Updated(2): Checkpoint VPN-1 ASN.1 vulnerability, RADIUS and wireless, reminder about home routers
Checkpoint VPN-1 ASN.1 vulnerability

Yesterday afternoon, Checkpoint released a bulletin detailing a newly discovered vulnerability in ASN.1 handling in current versions of VPN-1 (specifically NG_AI R55W, NG_AI R55, NG_AI R54, NG FP3, GSX, etc. essentially all versions of NG), this is a completely different vulnerability from the ASN.1 issue several months ago. The bulletin reiterates previous advice recommending against the use of Aggressive Mode IKE. In this case, if aggressive mode is enabled, a 1 packet exploit might be possible. A hot fix has been released that addresses the vulnerability and should be applied as soon as practical on VPN-1 devices that face public networks. We've just received confirmation that version 4.1 is NOT affected by this vulnerability.

http://www.checkpoint.com/techsupport/alerts/asn1.html


RADIUS implementations and wireless

One of the other handlers, Joshua Wright, has co-written a note for IETF, highlighting some of the weaknesses in many current implementations of the RADIUS protocol and especially their significance in wireless environments. Unfortunately, many implementations do not fully implement all the recommendations of the RFCs. This has become of greater significance since it can be used as part of a key distribution mechanism in conjunction with the 802.1x wireless protocol. The draft can be found at

http://www.drizzle.com/~aboba/RADEXT/radius_vuln_00.txt


Reminder about home routers

One of our readers, Chris Norton, sent us some information on an experiment that he ran. We won't go into the details today (perhaps in a future diary), but the upshot is a reminder to change default passwords/community strings and when possible disable remote administration capabilities on your home broadband routers.



---------------------------------------------

Jim Clausing, jim.clausing/at/acm.orgI will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - Live Online

 Jim

415 Posts
ISC Handler
Subscribe Jul 30th 2004
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!