CVE-2001-1101
CVSS 6.4
Published: 2001-09-08 00:00:00
Last revised: 2008-09-05 16:25:41

[Original] The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.


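[CNNVD] Check Point Firewall-1 Client Log Viewer Symbolic Link Vulnerability (CNNVD-200109-023)

CVE(CAN) ID: CAN-2001-1101

Check Point Firewall-1 is a popular commercial firewall product.

It has a security issue that allows a local user to overwrite system files. When saving a file through the Log Viewer, FireWall-1 does not check whether the file already exists or whether it is a link. An attacker who can administer the firewall through the GUI client can use the Log Viewer to overwrite arbitrary files with the .log suffix. An attacker who also has unprivileged local user access on the firewall can set up a link to overwrite arbitrary system files. This can result in a local denial of service.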

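- CVSS (base score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [no authentication required for exploitation]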

- CPE (affected platforms and products)

cpe:/a:checkpoint:firewall-1:4.1:sp1    Checkpoint Firewall-1 1 4.1 SP1
cpe:/a:checkpoint:firewall-1:4.0    Checkpoint Firewall-1 4.0
cpe:/a:checkpoint:firewall-1:4.1    Checkpoint Firewall-1 4.1
cpe:/a:checkpoint:firewall-1:3.0    Checkpoint Firewall-1 3.0
cpe:/a:checkpoint:firewall-1:4.1:sp2    Checkpoint Firewall-1 1 4.1 SP2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1101
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1101
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200109-023
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/archive/1/212826
(VENDOR_ADVISORY)  BUGTRAQ  20010908 Bug in remote GUI access in CheckPoint Firewall
http://xforce.iss.net/static/7095.php
(VENDOR_ADVISORY)  XF  fw1-log-file-overwrite(7095)
http://www.securityfocus.com/bid/3303
(VENDOR_ADVISORY)  BID  3303

- Vulnerability information

Check Point Firewall-1 Client Log Viewer Symbolic Link Vulnerability
Medium risk  Other
2001-09-08 00:00:00 2006-01-04 00:00:00
Local

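- Advisories and patches

Workaround:

Do not give the firewall administrator password to untrusted users.

Vendor patch:

The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://www.checkpoint.com/products/firewall-1/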

- Vulnerability information

4435
Check Point FireWall-1 Log Viewer Arbitrary File Overwrite
Local Access Required, Remote / Network Access Denial of Service
Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability description

Check Point FireWall-1 contains a flaw that allows a remote authenticated user to overwrite arbitrary files with the .log file extension. The issue is due to the administrative interface not properly verifying the existence of a file before writing a new one. A local user on the FireWall-1 machine can use this same flaw along with symlink files to overwrite root-owned files, creating a denial of service.

- Timeline

2001-09-07 2001-01-30
2001-09-07 Unknown

- Solution

Upgrade to version 4.1 SP4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability information

Check Point Firewall-1 GUI Client Log Viewer Symbolic Link Vulnerability
Origin Validation Error 3303
No Yes
2001-09-08 12:00:00 2009-07-11 07:56:00
This vulnerability was announced by Alan Darien <adarien@securetrendz.com> via Bugtraq on September 8, 2001.

- Affected versions

Check Point Software Firewall-1 4.1 SP2
Check Point Software Firewall-1 4.1 SP1
Check Point Software Firewall-1 4.1
Check Point Software Firewall-1 4.0
Check Point Software Firewall-1 3.0
Check Point Software Firewall-1 4.1 SP4

- Unaffected versions

Check Point Software Firewall-1 4.1 SP4

- Discussion

Check Point Firewall-1 is a commercial firewall implementation designed for small to enterprise sized networks.

A problem with Firewall-1 makes it possible for a local user to overwrite critical system files. Firewall-1 does not check for the existence of files when saving files through the Log Viewer function. Log Viewer will overwrite files ending in the .log extension, and will follow symbolic links to corrupt root-owned files.

This makes it possible for a user with administrative access to Firewall-1 and local shell access to deny service to legitimate users of the system.
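
The missing check described above, seen from the fix side, as an added example (not Check Point's code and not part of the original record): a save routine that creates the file with `O_CREAT | O_EXCL`, so an existing file or a symbolic link already sitting at the save path makes the save fail instead of being written through. The function names, the `/tmp` scratch directory and the file names are assumptions made up for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Save data to path only if nothing exists there yet. With O_CREAT | O_EXCL,
 * open() fails with EEXIST if the name is taken; a symlink is never followed. */
int save_log_exclusive(const char *path, const char *data, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -errno;
    ssize_t n = write(fd, data, len);
    if (close(fd) != 0 || n != (ssize_t)len)
        return -EIO;
    return 0;
}

/* Constructed scenario: "victim" stands in for a root-owned file, "export.log"
 * is a symlink at the save path. Returns 1 if refused and victim unchanged. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/fw1demoXXXXXX", victim[64], lnk[64], buf[16] = {0};
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/export.log", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("original", f) < 0 || fclose(f) != 0)
        return -1;
    if (symlink(victim, lnk) != 0)
        return -1;
    int rc = save_log_exclusive(lnk, "log data", 8);
    f = fopen(victim, "r");
    if (!f || fread(buf, 1, sizeof buf - 1, f) == 0)
        return -1;
    fclose(f);
    unlink(lnk); unlink(victim); rmdir(dir);
    return rc == -EEXIST && strcmp(buf, "original") == 0;
}

int main(void)
{
    printf("save through existing symlink refused: %d\n", demo_symlink_refused());
    return 0;
}
```

A caller that gets `-EEXIST` should ask the operator for a different file name rather than retry without `O_EXCL`.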

- Exploit

No exploit is required for this vulnerability.

- Solution

Upgrade to Check Point FireWall-1 version 4.1 Service Pack 2 or later.
