| Vulnerability Name: | CVE-2001-1101 (CCN-7095) | ||||||||
| Assigned: | 2001-09-08 | ||||||||
| Published: | 2001-09-08 | ||||||||
| Updated: | 2017-12-19 | ||||||||
| Summary: | The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Sep 07 2001 - 20:40:42 CDT Bug in remote GUI access in CheckPoint Firewall Source: MITRE Type: CNA CVE-2001-1101 Source: CCN Type: Check Point Worldwide Technical Services Download Section Source: CCN Type: OSVDB ID: 4435 Check Point FireWall-1 Log Viewer Arbitrary File Overwrite Source: BUGTRAQ Type: Patch, Vendor Advisory 20010908 Bug in remote GUI access in CheckPoint Firewall Source: BID Type: Vendor Advisory 3303 Source: CCN Type: BID-3303 Check Point Firewall-1 GUI Client Log Viewer Symbolic Link Vulnerability Source: XF Type: UNKNOWN fw1-log-file-overwrite(7095) Source: XF Type: UNKNOWN fw1-log-file-overwrite(7095) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||