Log Viewer File Overwrite in Check Point FireWall-1 GUI for Solaris
CVE-2001-1101

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Firewall-1
Vendor: CVE Published:; 8 September 2001

Summary

The Log Viewer component of the Check Point FireWall-1 GUI for Solaris versions 3.0b through 4.1 SP2 contains a flaw that allows remote authenticated users to overwrite arbitrary files with a '.log' extension. Furthermore, local users can exploit a symlink attack to manipulate file overrides. This lack of validation when saving logs presents security risks by enabling unauthorized access to critical system files.

References

http://www.securityfocus.com/archive/1/212826

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/3303

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/7095

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Mar 15, 2002
Vulnerability published
Sep 8, 2001