Ispravljen je sigurnosni nedostatak vezan uz Check Point SSL VPN On-Demand aplikacije koji udaljenim napadačima omogućuje izvršavanje proizvoljnog, programskog koda.

Check Point SSL VPN On-Demand Applications "Secure Workspace" Insecure Methods Vulnerability
Secunia Advisory 	SA45575 	

Release Date 	2011-08-10
Last Update 	2011-08-11
Criticality level 	Highly criticalHighly critical
Impact 	System access
Where 	From remote
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Vendor Patch
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Operating System	
	Check Point Connectra Appliances
	Check Point SecurePlatform

Software:	
	Check Point SSL Network Extender
	SSL Network Extender ActiveX Control 5.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	CVE-2011-1827 CVSS available in Customer Area
	   	

Description

A vulnerability have been reported in Check Point SSL VPN On-Demand applications, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to certain insecure methods (e.g. "dwnldFile" and "runCmd") within the "Secure Workspace" component in the helper application (e.g. "Check Point Deployment Agent" ActiveX control). This can be exploited to e.g. overwrite and execute the "CPSWS.exe" file in the context of the currently logged-on user.

Successful exploitation may allow execution of arbitrary code.

Please see the vendor's advisory for a list of affected versions.

Solution
Apply updates. Please see the vendor's advisory for details.

Provided and/or discovered by
Johannes Greil, SEC Consult.

Changelog
Further details available in Customer Area

Original Advisory
Check Point:
https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410

SEC Consult:
https://www.sec-consult.com/files/20110810-0_checkpoint_deployment_agent_remote_file_upload_and_cmd_exec_CVE-2011-1827.txt