Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1102

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2001-1102
Last Modified 05 Sep 2008 04:25:41
Published 08 Sep 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2001-1102

Summary

Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.

Vulnerable Systems

Application

  • Checkpoint Firewall-1 3.0

  • Checkpoint Firewall-1 4.0

  • Checkpoint Firewall-1 4.1


References

XF - fw1-tmp-file-symlink(7094)

BID - 3300

BUGTRAQ - 20010908 Bug in compile portion for older versions of CheckPoint Firewalls


Last Updated: 27 May 2016 10:36:31