[Original text] Check Point FireWall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.
Check Point FireWall-1 contains a flaw that may allow attackers to access resources that were intended to be restricted. The issue stems from the firewall's keyword mechanism, in which certain keywords are reserved. When a reserved keyword is used, the firewall rule defaults to "ANY", which may allow traffic to a resource that was intended to be blocked.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: do not use any of the reserved keywords when creating rules.