Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Updated(2): Checkpoint VPN-1 ASN.1 vulnerability, RADIUS and wireless, reminder about home routers - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Updated(2): Checkpoint VPN-1 ASN.1 vulnerability, RADIUS and wireless, reminder about home routers
Checkpoint VPN-1 ASN.1 vulnerability

Yesterday afternoon, Checkpoint released a bulletin detailing a newly discovered vulnerability in ASN.1 handling in current versions of VPN-1 (specifically NG_AI R55W, NG_AI R55, NG_AI R54, NG FP3, GSX, etc. essentially all versions of NG), this is a completely different vulnerability from the ASN.1 issue several months ago. The bulletin reiterates previous advice recommending against the use of Aggressive Mode IKE. In this case, if aggressive mode is enabled, a 1 packet exploit might be possible. A hot fix has been released that addresses the vulnerability and should be applied as soon as practical on VPN-1 devices that face public networks. We've just received confirmation that version 4.1 is NOT affected by this vulnerability.

RADIUS implementations and wireless

One of the other handlers, Joshua Wright, has co-written a note for IETF, highlighting some of the weaknesses in many current implementations of the RADIUS protocol and especially their significance in wireless environments. Unfortunately, many implementations do not fully implement all the recommendations of the RFCs. This has become of greater significance since it can be used as part of a key distribution mechanism in conjunction with the 802.1x wireless protocol. The draft can be found at

Reminder about home routers

One of our readers, Chris Norton, sent us some information on an experiment that he ran. We won't go into the details today (perhaps in a future diary), but the upshot is a reminder to change default passwords/community strings and when possible disable remote administration capabilities on your home broadband routers.


Jim Clausing, jim.clausing/at/acm.orgI will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS DFIR Summit & Training 2022


423 Posts
ISC Handler
Jul 30th 2004

Sign Up for Free or Log In to start participating in the conversation!