Check Point Advisories

Non Compliant IKE (CVE-2002-0852)

Check Point Reference: CPSA-2005-06
Date Published: 5 Jun 2005
Severity: Critical
Last Updated: 5 Jun 2005
Industry Reference: CVE-2002-0852
Protection Provided by:

Security Gateway
R80, R77, R75, R71, R70

Who is Vulnerable?
Vulnerability Description

Protection Overview

This protection enforces compliance of the IKE protocol with RFC 2409 in terms of payload type and length, maximum number of payloads, and packet length. Enabling "IKE payload enforcement" makes IPS perform additional checks on the IKE Security Association (SA) payload. Detect mode makes it possible to track IKE protocol violations without blocking the connection.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

  1. In the IPS tab, click Protections, find the Non Compliant IKE protection using the Search tool, and edit the protection's settings.
  2. Install the policy on all modules.

This protection's log will contain the following information:

Attack Name: IKE Enforcement Violation

Attack Information: one of the following violation reasons
  Invalid IKE Packet
  Invalid ISAKMP version
  Flags field does not match ISAKMP version
  Invalid ISAKMP header length value
  Payloads number exceeded
  Invalid DOI field in SA payload header
  Invalid SIT field in SA payload header
  Non-zero reserved field in SA payload header
  Key length and encryption algorithm do not match
  Number of proposals in SA does not match SA length
  Invalid length for an SA attribute
  SPI size exceeds proposal
  Number of transforms in proposal does not match proposal length

For users of VPN-1 NG with Application Intelligence R55, SmartView Tracker will log rule 99848.
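The header and SA-payload checks behind the Protection Overview and the log strings above, as an added Python example for this page (it is not Check Point's IPS code and does not show how the Security Gateway implements the protection): it walks the ISAKMP header and the Security Association payload using the RFC 2408/2407/2409 layouts and returns the violation strings listed above. The payload limit (MAX_PAYLOADS), the DOI and SIT values accepted, the key-length table and the builder functions are this example's own assumptions, and the sample messages are constructed, not captured traffic.

```python
"""IKEv1/ISAKMP header and SA payload compliance checks using the RFC 2408/2407/2409 layouts.
Added example for this advisory, not Check Point's IPS code; MAX_PAYLOADS and the accepted
DOI, SIT and key-length values are this example's own assumptions, not Check Point's."""
import struct
HDR_LEN, PAYLOAD_SA, PAYLOAD_VID = 28, 1, 13
FLAGS_KNOWN_V1 = 0x07                      # E (0x01), C (0x02), A (0x04) are the only v1.0 flags
VALID_DOIS, SIT_KNOWN_BITS = {0, 1}, 0x07  # generic ISAKMP / IPsec DOI; IDENTITY_ONLY|SECRECY|INTEGRITY
ATTR_ENC_ALG, ATTR_KEY_LEN = 1, 14         # RFC 2409 Appendix A attribute classes
KEY_LENGTHS = {1: {None, 64}, 5: {None, 192}, 7: {128, 192, 256}}  # DES, 3DES (implied), AES-CBC (required)
MAX_PAYLOADS = 16                          # assumed limit for this example

def parse_attributes(data, errors):
    """Decode transform attributes (TV or TLV form) into {class: value}."""
    attrs, off = {}, 0
    while off < len(data):
        if off + 4 > len(data): errors.append("Invalid length for an SA attribute"); break
        atype, val = struct.unpack_from("!HH", data, off)
        if atype & 0x8000:                 # AF=1: the 2-byte field is the value itself
            attrs[atype & 0x7FFF], off = val, off + 4
        elif off + 4 + val > len(data):    # AF=0: the field is a length and the value follows
            errors.append("Invalid length for an SA attribute"); break
        else:
            attrs[atype], off = int.from_bytes(data[off + 4:off + 4 + val], "big"), off + 4 + val
    return attrs

def check_proposal(prop, errors):          # prop: one proposal payload with its generic header
    _, _, plen, _, _, spi_size, ntrans = struct.unpack_from("!BBHBBBB", prop, 0)
    if spi_size > plen - 8: errors.append("SPI size exceeds proposal"); return
    off, seen = 8 + spi_size, 0
    while off + 8 <= plen:                 # transform = generic header + number, id, reserved2
        nxt, _, tlen = struct.unpack_from("!BBH", prop, off)
        if tlen < 8 or off + tlen > plen: break
        attrs = parse_attributes(prop[off + 8:off + tlen], errors)
        alg, klen = attrs.get(ATTR_ENC_ALG), attrs.get(ATTR_KEY_LEN)
        if alg in KEY_LENGTHS and klen not in KEY_LENGTHS[alg]:
            errors.append("Key length and encryption algorithm do not match")
        seen, off = seen + 1, off + tlen
        if nxt == 0: break
    if seen != ntrans or off != plen:
        errors.append("Number of transforms in proposal does not match proposal length")

def check_sa(sa, errors):                  # sa: the SA payload, sliced to its own length field
    _, reserved, salen, doi, sit = struct.unpack_from("!BBHII", sa, 0)
    if reserved: errors.append("Non-zero reserved field in SA payload header")
    if doi not in VALID_DOIS: errors.append("Invalid DOI field in SA payload header")
    if sit == 0 or sit & ~SIT_KNOWN_BITS: errors.append("Invalid SIT field in SA payload header")
    off = 12
    while off + 8 <= salen:                # proposals chain until a next-payload of 0
        nxt, _, plen = struct.unpack_from("!BBH", sa, off)
        if plen < 8 or off + plen > salen: break
        check_proposal(sa[off:off + plen], errors)
        off += plen
        if nxt == 0: break
    if off != salen: errors.append("Number of proposals in SA does not match SA length")

def check_ike(pkt):
    """Return the IKE enforcement violations found in one ISAKMP message (a UDP/500 payload)."""
    if len(pkt) < HDR_LEN: return ["Invalid IKE Packet"]
    errors, off, count = [], HDR_LEN, 0
    nxt, ver, _, flags, _, length = struct.unpack_from("!BBBBII", pkt, 16)  # fields after the cookies
    if ver >> 4 != 1: errors.append("Invalid ISAKMP version")
    elif flags & ~FLAGS_KNOWN_V1: errors.append("Flags field does not match ISAKMP version")
    if length != len(pkt): errors.append("Invalid ISAKMP header length value"); return errors
    while nxt:                             # walk the generic payload chain: next, reserved, length
        count += 1
        if count > MAX_PAYLOADS: errors.append("Payloads number exceeded"); break
        if off + 4 > len(pkt): errors.append("Invalid IKE Packet"); break
        ptype, (nxt, _, plen) = nxt, struct.unpack_from("!BBH", pkt, off)
        if plen < 4 or off + plen > len(pkt): errors.append("Invalid IKE Packet"); break
        if ptype == PAYLOAD_SA: check_sa(pkt[off:off + plen], errors) if plen >= 12 else errors.append("Invalid IKE Packet")
        off += plen
    return errors

# Builders for constructed sample messages (not captured traffic); non-compliant values are opt-in.
def transform(attrs, raw=b""):
    enc = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in attrs) + raw
    return struct.pack("!BBHBBH", 0, 0, 8 + len(enc), 1, 1, 0) + enc
def proposal(transforms, spi_size=0, ntrans=None):
    body = b"".join(transforms)
    return struct.pack("!BBHBBBB", 0, 0, 8 + len(body), 1, 1, spi_size,
                       len(transforms) if ntrans is None else ntrans) + body
def sa_payload(proposals, doi=1, sit=1, reserved=0):
    body = b"".join(proposals)
    return struct.pack("!BBHII", 0, reserved, 12 + len(body), doi, sit) + body
def ike(payloads, first=PAYLOAD_SA, version=0x10, flags=0, length=None):
    body = b"".join(payloads)
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), first, version, 2, flags, 0,
                       HDR_LEN + len(body) if length is None else length) + body
def demo():
    """Run the checks over a few constructed messages; returns {scenario: violations}."""
    aes128 = transform([(ATTR_ENC_ALG, 7), (ATTR_KEY_LEN, 128)])
    vid = struct.pack("!BBH", PAYLOAD_VID, 0, 4)   # empty Vendor ID payload that chains to another
    return {
        "rfc-compliant": check_ike(ike([sa_payload([proposal([aes128])])])),
        "bad-version": check_ike(ike([sa_payload([proposal([aes128])])], version=0x20)),
        "aes-no-keylen": check_ike(ike([sa_payload([proposal([transform([(ATTR_ENC_ALG, 7)])])])])),
        "attr-overrun": check_ike(ike([sa_payload([proposal([transform([], raw=b"\x00\x0e\x00\x0a\x00\x01")])])])),
        "too-many-payloads": check_ike(ike([vid] * (MAX_PAYLOADS + 1), first=PAYLOAD_VID)),
    }
```

Each check stops at the first structural inconsistency of the object it is walking (a bad transform length ends the proposal walk, a bad proposal length ends the SA walk) so that one malformed length cannot make the parser read past the buffer, which is the class of problem the protection is meant to stop. Run `demo()` to see the violation list for each constructed message; the compliant AES-128 proposal returns an empty list.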
