Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-5849
Last Modified: 19 Aug 2009 01:22:35
Published: 06 Jan 2009 12:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-5849

Summary

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.

Vulnerable Systems

Application

  • Check Point VPN-1 R55

  • Check Point VPN-1 R65


References

MISC - https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl

CONFIRM - https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk36321

XF - vpn1-pat-information-disclosure(46645)

VUPEN - ADV-2008-3229

BID - 32306

MISC - http://www.portcullis-security.com/293.php

SECUNIA - 32728


Last Updated: 27 May 2016 10:48:57