Check Point Software's popular firewall and VPN software could allow an attacker to gain entrance to enterprise networks, crash computers, and otherwise wreak havoc, US-based Internet Security Systems (ISS) has claimed.
Dan Ingevaldson, director of research at ISS, said hackers are specifically targeting security software, firewalls, and intrusion detection systems.
'Attackers now have only a few choices when they target hardened systems,' said Ingevaldson. 'Firewalls and other security software have done a pretty good job of blocking attacks, but the end result is that hackers are focusing their efforts on security systems themselves.'
ISS has found a flaw in Check Point's Firewall-1 that stems from the HTTP Application Intelligence (AI), which is designed to prevent potential attacks or detect protocol anomalies aimed at servers behind the firewall.
The flaw also exists in the HTTP Security Server application proxy that ships with all versions of Firewall-1.
Attackers could use this vulnerability to compromise even heavily hardened networks protected by Check Point's firewall, allowing them to tamper with the firewall settings and access machines on the network.
'This is not a theoretical exploit,' said Ingevaldson, adding that his team had developed a working exploit. The only glimmer of hope, he said, is that the exploit is not easy to create, even by experienced attackers. 'But all it takes is one who can, and then it's out there on the internet.'
Check Point has posted a patch for this vulnerability, recommended for immediate installation by all users of VPN-1/Firewall-1 NG and above. The patch is easy to deploy, said Ingevaldson.
ISS has also discovered a vulnerability in Check Point VPN-1 Server and its virtual private networking (VPN) clients, SecuRemote and SecureClient.
The vulnerability exists in the ISAKMP processing in both the server and clients, and if exploited, could result in an attacker gaining access to any client-enabled remote computer, including those in employees' homes.
VPN servers and clients are used by enterprises to offer secure remote access to off-site workers, telecommuters, customers, and their business partners.
An exploit for this security hole is 'trivial to write', claimed Ingevaldson, 'and we think that one is being worked on right now. I wouldn't be surprised if it releases fairly soon.'
Check Point will not patch this vulnerability, since the software is no longer supported. Instead, the company, which has been migrating users of that software to its Firewall-1 NG line, recommends that customers upgrade.
'But from our conversations with users,' said Ingevaldson, 'there are still quite a few who are using the older software.'
Check Point dominates the enterprise firewall and VPN markets. Research firm IDC, for instance, has pegged Check Point's worldwide share at 54 percent of the firewall and VPN market, while Ingevaldson estimated that number may actually be as high as 70 percent.
'These are critical vulnerabilities if they're exploited,' Ingevaldson said. 'Once the hacker controls the gatekeeper, the game's over.'