Vulnerability Description
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Checkpoint | Firewall-1 | 3.0 |
References
- http://www.securityfocus.com/archive/1/212826PatchVendor Advisory
- http://www.securityfocus.com/bid/3303Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7095
- http://www.securityfocus.com/archive/1/212826PatchVendor Advisory
- http://www.securityfocus.com/bid/3303Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7095
FAQ
What is CVE-2001-1101?
CVE-2001-1101 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated use...
How severe is CVE-2001-1101?
CVE-2001-1101 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1101?
Check the references section above for vendor advisories and patch information. Affected products include: Checkpoint Firewall-1.