QwikSec

Security Database

CVE

CWE

Training

CVE-2008-5849

Published: Jan 6, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk36321

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vpn1-pat-information-disclosure(46645)

vdb-entry

x_refsource_XF

http://www.portcullis-security.com/293.php

x_refsource_MISC

vdb-entry

x_refsource_BID

https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.