CVE-1999-0770 - Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allo

CVE-1999-0770

Summary

Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

References

http://www.osvdb.org/1027
http://www.securityfocus.com/bid/549

Vulnerable Configurations

cpe:2.3:a:checkpoint:firewall-1:3.0:*:*:*:*:*:*:*
cpe:2.3:a:checkpoint:firewall-1:3.0:*:*:*:*:*:*:*
cpe:2.3:a:checkpoint:firewall-1:4.0:*:*:*:*:*:*:*
cpe:2.3:a:checkpoint:firewall-1:4.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 09-09-2008 - 12:35)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	549
bugtraq	19990729 Simple DOS attack on FW-1
checkpoint	ACK DOS ATTACK
osvdb	1027

Last major update

09-09-2008 - 12:35

Published

29-07-1999 - 04:00

Last modified

09-09-2008 - 12:35