"This is not a theoretical exploit," said Ingevaldson, who added that his team had developed a working exploit. The only glimmer of hope, he said, is that the exploit is not easy to create, even by experienced attackers. "But all it takes is one who can, and then it's out there on the Internet."
Wednesday, Check Point posted a patch for this vulnerability that it recommended be installed immediately by all users of VPN-1/Firewall-1 NG and above. The patch is easy to deploy, said Ingevaldson.
The second ISS-discovered vulnerability lies within Check Point VPN-1 Server and its virtual private networking (VPN) clients, Securemote and SecureClient. The vulnerability exists in the ISAKMP processing in both the server and clients, and if exploited, could result in an attacker gaining access to any client-enabled remote computer, including those in employees' homes.
VPN servers and clients are used by enterprises to offer secure remote access to off-site workers, telecommuters, customers, and partners.
An exploit for this security hole is "trivial to write," claimed Ingevaldson, "and we think that one is being worked on right now. I wouldn't be surprised if it releases fairly soon."
