SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Firewall)  >   Provider-1 Vendors:   Check Point
Check Point Provider-1 Lets Local Users Overwrite Files in Certain Cases
SecurityTracker Alert ID:  1025792
SecurityTracker URL:  http://securitytracker.com/id/1025792
CVE Reference:   CVE-2011-2664   (Links to External Site)
Updated:  Aug 16 2011
Original Entry Date:  Jul 18 2011
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): NGX R65, R70, R71, R75
Description:   A vulnerability was reported in Check Point Multi-Domain Management/Provider-1. A local user can overwrite files on the target system in certain cases.

A local user on the Multi-Domain Server (MDS) can overwrite a file on the target MDS system to gain control of the SofaWare Management Server configuration.

A Security Management server may also be vulnerable, but only during installation.

Windows Security Management servers are not affected.

The vendor was notified on August 18, 2010.

The original advisory is available at:

http://wadofstuff.blogspot.com/2011/08/security-advisory-symlink-following-and.html

Matthew Flanagan reported this vulnerability.

Impact:   A local user can gain control of the SofaWare Management Server configuration.
Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk63565

Vendor URL:  supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk63565 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC