
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-07-29 InfoSec Handlers Diary Blog



Updated(2): Checkpoint VPN-1 ASN.1 vulnerability, RADIUS and wireless, reminder about home routers

Published: 2004-07-29
Last Updated: 2004-07-30 02:30:11 UTC
by Jim Clausing (Version: 1)
Checkpoint VPN-1 ASN.1 vulnerability

Yesterday afternoon, Checkpoint released a bulletin detailing a newly discovered vulnerability in ASN.1 handling in current versions of VPN-1 (specifically NG_AI R55W, NG_AI R55, NG_AI R54, NG FP3, GSX, etc.; essentially all versions of NG). This is a completely different vulnerability from the ASN.1 issue several months ago. The bulletin reiterates previous advice recommending against the use of Aggressive Mode IKE. In this case, if aggressive mode is enabled, a 1-packet exploit might be possible. A hot fix that addresses the vulnerability has been released and should be applied as soon as practical on VPN-1 devices that face public networks. We've just received confirmation that version 4.1 is NOT affected by this vulnerability.

http://www.checkpoint.com/techsupport/alerts/asn1.html
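
To check whether aggressive mode is actually being negotiated with a gateway, the exchange type in the ISAKMP header (RFC 2408) of captured UDP/500 payloads is enough. The sketch below is an added example, not part of the original diary or of Checkpoint's bulletin; the function names, the gateway address and the sample datagrams are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): initiator cookie, responder
# cookie, next payload, version, exchange type, flags, message ID, length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE_NAMES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
ZERO_COOKIE = bytes(8)

def classify_ike(payload):
    """Return (exchange_name, is_first_packet) for an IKEv1 payload, else None."""
    if len(payload) < ISAKMP_HDR.size:
        return None  # truncated datagram, no complete ISAKMP header
    _ic, rcookie, _np, version, xchg, _fl, _mid, length = ISAKMP_HDR.unpack_from(payload)
    if version >> 4 != 1 or length < ISAKMP_HDR.size:
        return None  # not IKEv1, or an impossible length field
    # An all-zero responder cookie marks the initiator's first packet.
    return EXCHANGE_NAMES.get(xchg, "other(%d)" % xchg), rcookie == ZERO_COOKIE

def audit_aggressive_mode(datagrams, gateway):
    """Summarise aggressive-mode use in (src, dst, udp_payload) tuples.

    'offered': peers that sent the gateway an initial aggressive-mode packet.
    'accepted': peers the gateway answered in aggressive mode, which means
    aggressive mode is still enabled on the gateway.
    """
    report = {"offered": set(), "accepted": set()}
    for src, dst, payload in datagrams:
        result = classify_ike(payload)
        if result is None or result[0] != "aggressive":
            continue
        if dst == gateway and result[1]:
            report["offered"].add(src)
        elif src == gateway:
            report["accepted"].add(dst)
    return report

def sample_header(xchg, responder_cookie=ZERO_COOKIE, version=0x10):
    # Constructed header with no payloads, so length equals the header size.
    return ISAKMP_HDR.pack(b"\x11" * 8, responder_cookie, 0, version, xchg,
                           0, 0, ISAKMP_HDR.size)

# Constructed sample traffic using documentation addresses, not a real capture.
GATEWAY = "192.0.2.1"
SAMPLE = [
    ("198.51.100.7", GATEWAY, sample_header(4)),               # aggressive offer
    (GATEWAY, "198.51.100.7", sample_header(4, b"\x22" * 8)),  # gateway answers
    ("198.51.100.9", GATEWAY, sample_header(2)),               # main-mode offer
    ("198.51.100.8", GATEWAY, sample_header(4)[:20]),          # truncated
]
```

A non-empty `accepted` set is the signal that matters: the gateway is still answering aggressive-mode negotiations and should be reconfigured as the bulletin advises.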


RADIUS implementations and wireless

One of the other handlers, Joshua Wright, has co-written a note for the IETF highlighting some of the weaknesses in many current implementations of the RADIUS protocol, and especially their significance in wireless environments. Unfortunately, many implementations do not fully implement all the recommendations of the RFCs. This has become more significant since RADIUS can be used as part of a key distribution mechanism in conjunction with the 802.1x wireless protocol. The draft can be found at

http://www.drizzle.com/~aboba/RADEXT/radius_vuln_00.txt


Reminder about home routers

One of our readers, Chris Norton, sent us some information on an experiment that he ran. We won't go into the details today (perhaps in a future diary), but the upshot is a reminder to change default passwords and community strings and, when possible, to disable remote administration capabilities on your home broadband routers.



---------------------------------------------

Jim Clausing, jim.clausing/at/acm.org