CVE-1999-0895
CVSS7.5
发布时间 :1999-10-20 00:00:00
修订时间 :2008-09-09 08:36:08
NMCO    

[原文]Firewall-1 does not properly restrict access to LDAP attributes.


[CNNVD]Check Point防火墙- 1 LDAP验证漏洞(CNNVD-199910-033)

        Firewall-1不能准确地限制LDAP属性的访问。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0895
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0895
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199910-033
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net
(UNKNOWN)  BUGTRAQ  19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
http://www.securityfocus.com/bid/725
(UNKNOWN)  BID  725
http://www.osvdb.org/1117
(UNKNOWN)  OSVDB  1117

- 漏洞信息

Check Point防火墙- 1 LDAP验证漏洞
高危 访问验证错误
1999-10-20 00:00:00 2006-01-04 00:00:00
远程  
        Firewall-1不能准确地限制LDAP属性的访问。
        

- 公告与补丁

        Check Point Support emailed the following information to vuldb@securityfocus.com:
        Resolution: After investigation, Check Point Software confirms this as the appropriate behavior with "standard" checked in "Required Sign On" field under "Client Authentication". In other words, when using "standard" sign-on, the "Destination" field under "Client Authentication" properties cannot be intersected with the user database property which defines user access to specific destinations. Accordingly, the "Destination" field is grayed out in the Client Authentication Action Properties. This information is documented on Page 534 of VPN-1/FW-1 Administration Guide where it is stated that under such circumstances, the "Destination" field is automatically set to "Ignore User Database" and that the user can access all destinations allowed by the rule. The VPN-1/FW-1 GUI can cause confusion because it simply grays out the value set in "Destination" field instead of setting it to "Ignore User Database". But internally, the "Destination" value is set to "Ignore User Database". The GUI will be amended in the subsequent release of VPN-1/FW-1 to make this more clear. It is important to note that the "Source" field can be intersected with user database even if standard sign-on is selected under Client Authentication.
        Also, this behavior is independent of whether the user is defined in VPN-1/FW-1 internal database or an external LDAP-complaint directory server.
        If one would like to enforce the "allowed-destinations" attribute (defined for each user) under Client Authentication Rule, the "Required Sign On" field must be set to "Specific", and an appropriate Sign-On Method should be selected.
        This limitation does not exist under User Authentication Rules.

- 漏洞信息

1117
Check Point FireWall-1 LDAP fw1allowed-dst Access
Remote / Network Access Misconfiguration
Loss of Confidentiality
Exploit Public

- 漏洞描述

Check Point FireWall-1 was reported to have a flaw that allowed LDAP authenticated users to access more resources than the firewall was intended to allow. The issue is due to the "fw1allowed-dst" rule apparently ignoring the LDAP attribute and granting access to "any" instead. Check Point has responded that this is the desired behavior and working as intended.

- 时间线

1999-10-20 Unknow
Unknow Unknow

- 解决方案

At this time there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站