Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1101

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2001-1101
Last Modified 05 Sep 2008 04:25:41
Published 08 Sep 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1101

Summary

The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.

Vulnerable Systems

Application

  • Checkpoint Firewall-1 3.0

  • Checkpoint Firewall-1 4.0

  • Checkpoint Firewall-1 4.1


References

BUGTRAQ - 20010908 Bug in remote GUI access in CheckPoint Firewall

XF - fw1-log-file-overwrite(7095)

BID - 3303


Last Updated: 27 May 2016 10:36:31