CVE-2002-0428
CVSS 7.5
Published: 2002-08-12 00:00:00
Last revised: 2008-09-05 16:28:00

[Original] Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.


[CNNVD] Check Point FW-1 SecuClient/SecuRemote client design vulnerability (CNNVD-200208-186)

        
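        Check Point Firewall-1 is a popular firewall software package developed by Checkpoint. SecuClient/SecuRemote is the VPN-1 implementation in the Firewall-1 products.
        SecuClient/SecuRemote has a design flaw that allows a local attacker on the client machine to bypass certain server-side settings.
        SecuClient/SecuRemote lets the server set a time limit for cached authentication information; once the limit is exceeded, the user is forced to log in again. The configured time limit is stored on the client system and can be modified by users on the client. If the security policy sets a time limit, a malicious user may bypass the policy by modifying the value stored on the local machine.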
        

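- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]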

- CPE (affected platforms and products)

cpe:/a:checkpoint:firewall-1:4.1:sp1  Checkpoint Firewall-1 1 4.1 SP1
cpe:/a:checkpoint:check_point_vpn:1_4.1_sp1
cpe:/a:checkpoint:firewall-1:4.0  Checkpoint Firewall-1 4.0
cpe:/a:checkpoint:check_point_vpn:1_4.1_sp4
cpe:/a:checkpoint:firewall-1:4.0:sp4
cpe:/a:checkpoint:firewall-1:4.0:sp1
cpe:/a:checkpoint:firewall-1:4.0:sp3
cpe:/a:checkpoint:firewall-1:4.1:sp2  Checkpoint Firewall-1 1 4.1 SP2
cpe:/a:checkpoint:firewall-1:4.0:sp6
cpe:/a:checkpoint:check_point_vpn:1_4.1
cpe:/a:checkpoint:firewall-1:4.0:sp7
cpe:/a:checkpoint:firewall-1:4.0:sp5
cpe:/a:checkpoint:firewall-1:4.1  Checkpoint Firewall-1 4.1
cpe:/a:checkpoint:check_point_vpn:1_4.1_sp3
cpe:/a:checkpoint:firewall-1:4.0:sp8
cpe:/a:checkpoint:next_generation  Checkpoint Next Generation
cpe:/a:checkpoint:firewall-1:4.0:sp2
cpe:/a:checkpoint:firewall-1:4.1:sp5  Checkpoint Firewall-1 1 4.1 SP5
cpe:/a:checkpoint:firewall-1:4.1:sp4  Checkpoint Firewall-1 1 4.1 SP4
cpe:/a:checkpoint:check_point_vpn:1_4.1_sp2
cpe:/a:checkpoint:firewall-1:4.1:sp3  Checkpoint Firewall-1 1 4.1 SP3

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0428
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0428
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-186
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/4253
(VENDOR_ADVISORY)  BID  4253
http://www.iss.net/security_center/static/8423.php
(VENDOR_ADVISORY)  XF  fw1-authentication-bypass-timeouts(8423)
http://online.securityfocus.com/archive/1/260662
(VENDOR_ADVISORY)  BUGTRAQ  20020308 Checkpoint FW1 SecuRemote/SecureClient "re-authentication" (client side hacks of users.C)

- Vulnerability information

Check Point FW-1 SecuClient/SecuRemote client design vulnerability
High risk  Design error
2002-08-12 00:00:00 2006-09-05 00:00:00
Local
        
        

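- Advisories and patches

        Temporary workaround:
        If you cannot install a patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
        * Filter access to the client so that only trusted users can use it.
        Vendor patch:
        Check Point Software
        --------------------
        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:
        
        http://www.checkpoint.com/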

- Vulnerability information

4430
Check Point FireWall-1 Authentication Timeout Bypass
Remote / Network Access Input Manipulation, Misconfiguration
Loss of Integrity
Exploit Public

- Vulnerability description

Check Point FireWall-1 contains a flaw that may allow a remote attacker to bypass the ruleset. The issue is due to a flaw in the "Validation timeout" option which requires remote users to re-authenticate after a set time. If a remote user authenticates using SecuRemote or SecuClient the attacker can bypass authentication by modifying the "usersc.C" file.

- Timeline

2002-03-08 Unknown
2002-03-08 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

- Vulnerability information

Check Point FW-1 SecuClient/SecuRemote Client Design Vulnerability
Design Error 4253
No Yes
2002-03-08 12:00:00 2009-07-11 10:56:00
This issue was reported to BugTraq by Cedric Amand <mailing-lists@cedric.net>.

- Affected program versions

Check Point Software VPN-1 4.1 SP4
Check Point Software VPN-1 4.1 SP3
Check Point Software VPN-1 4.1 SP2
Check Point Software VPN-1 4.1 SP1
Check Point Software VPN-1 4.1
Check Point Software Nokia Voyager 4.1
Check Point Software Firewall-1 4.1 SP5
Check Point Software Firewall-1 4.1 SP4
Check Point Software Firewall-1 4.1 SP3
Check Point Software Firewall-1 4.1 SP2
Check Point Software Firewall-1 4.1 SP1
Check Point Software Firewall-1 4.1
Check Point Software Firewall-1 4.0 SP8
Check Point Software Firewall-1 4.0 SP7
Check Point Software Firewall-1 4.0 SP6
Check Point Software Firewall-1 4.0 SP5
Check Point Software Firewall-1 4.0 SP4
Check Point Software Firewall-1 4.0 SP3
Check Point Software Firewall-1 4.0 SP2
Check Point Software Firewall-1 4.0 SP1
Check Point Software Firewall-1 4.0

- Vulnerability discussion

Check Point Firewall-1 is a popular firewall package available from Checkpoint Software Technologies. SecuClient/SecuRemote are VPN-1 implementations for Check Point Firewall-1 products.

It is possible to configure a timeout value for cached user credentials. This value is stored on client systems and can be modified by users of client systems. If security policy includes a time limit on cached credentials, malicious authenticated users may bypass the policy by modifying the value.

Depending on the operating system of the client host, local administrative privileges on the client host may be required to modify the configuration file.

In addition to the timeout values, other sensitive information is reportedly stored on client systems. Further details are not known at this time.

- Exploit

This issue may be trivially exploited by an attacker who can read from or write to 'users.C'.

- Solution

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related references
