var-199910-0020
Vulnerability from variot
Firewall-1 does not properly restrict access to LDAP attributes. With FireWall-1 Version 4.0 Checkpoint introduced support for the Lightweight Directory Access Protocol (LDAP) for user authentication. It looks like there's a bug in Checkpoint's ldap code which under certain circumstances can lead to unauthorized access to protected systems behind the firewall. A user can authenticate himself at the firewall providing a valid username and password. The firewall acts as a ldap client, validating the credentials by a directory server using the ldap protocol. After successful authentication access will be granted to systems protected by the firewall. In contrast to authentication using the Radius or SecurID protocol, after successful authentication the directory server can supply the firewall with additional ldap attributes for the user like the time and day of a week a user is allowed to login, the source addresses a user can run a client from, or the system behind the firewall a user is allowed to access. This can be done individual for each user. In general I think that's a great idea but it seems Checkpoint made something wrong interpreting the ldap attribute 'fw1allowed-dst' which is supposed to control in detail which protected network object a user can access. It seems this attribute is ignored by the firewall software, granting access to all protected network objects instead. Example: ------ Server 'Foo' | Internet --- FW-1 ---| | ------ Server 'Bar' Supposed there's a user 'Sid' with access only to Server 'Foo', and a second user 'Nancy' with access restricted to Server 'Bar', both controlled by the ldap protocol, using the ldap attribute 'fw1allowed-dst'. The bug will cause that both, Sid and Nancy, will have access to Foo and to Bar. [Quoted from the post by Olaf Selke with permission]
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199910-0020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "4.0"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "725"
},
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
},
{
"db": "NVD",
"id": "CVE-1999-0895"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was posted to the Bugtraq mailing list by Olaf Selke \u003colaf.selke@mediaways.net\u003e on Wed, 20 Oct 1999.",
"sources": [
{
"db": "BID",
"id": "725"
},
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
}
],
"trust": 0.9
},
"cve": "CVE-1999-0895",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-1999-0895",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-876",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-1999-0895",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-199910-033",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-876",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-876"
},
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
},
{
"db": "NVD",
"id": "CVE-1999-0895"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Firewall-1 does not properly restrict access to LDAP attributes. With FireWall-1 Version 4.0 Checkpoint introduced support for the Lightweight Directory Access Protocol (LDAP) for user authentication. It looks like there\u0027s a bug in Checkpoint\u0027s ldap code which under certain circumstances can lead to unauthorized access to protected systems behind the firewall. \nA user can authenticate himself at the firewall providing a valid username and password. The firewall acts as a ldap client, validating the credentials by a directory server using the ldap protocol. After successful authentication access will be granted to systems protected by the firewall. \nIn contrast to authentication using the Radius or SecurID protocol, after successful authentication the directory server can supply the firewall with additional ldap attributes for the user like the time and day of a week a user is allowed to login, the source addresses a user can run a client from, or the system behind the firewall a user is allowed to access. This can be done individual for each user. \nIn general I think that\u0027s a great idea but it seems Checkpoint made something wrong interpreting the ldap attribute \u0027fw1allowed-dst\u0027 which is supposed to control in detail which protected network object a user can access. \nIt seems this attribute is ignored by the firewall software, granting access to all protected network objects instead. \nExample:\n------ Server \u0027Foo\u0027\n|\nInternet --- FW-1 ---|\n|\n------ Server \u0027Bar\u0027\nSupposed there\u0027s a user \u0027Sid\u0027 with access only to Server \u0027Foo\u0027, and a second user \u0027Nancy\u0027 with access restricted to Server \u0027Bar\u0027, both controlled by the ldap protocol, using the ldap attribute \u0027fw1allowed-dst\u0027. The bug will cause that both, Sid and Nancy, will have access to Foo and to Bar. \n[Quoted from the post by Olaf Selke with permission]",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0895"
},
{
"db": "BID",
"id": "725"
},
{
"db": "VULHUB",
"id": "VHN-876"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "725",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-1999-0895",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "1117",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-199910-033",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "19991020 CHECKPOINT FIREWALL-1 V4.0: POSSIBLE BUG IN LDAP AUTHENTICATION",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-876",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-876"
},
{
"db": "BID",
"id": "725"
},
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
},
{
"db": "NVD",
"id": "CVE-1999-0895"
}
]
},
"id": "VAR-199910-0020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-876"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T23:15:30.205000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0895"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/725"
},
{
"trust": 2.7,
"url": "http://www.osvdb.org/1117"
},
{
"trust": 2.0,
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=19991020150002.21047.qmail%40tarjan.mediaways.net"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=19991020150002.21047.qmail@tarjan.mediaways.net"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/"
},
{
"trust": 0.3,
"url": "http://www.enteract.com/~lspitz/fwtable.html"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-876"
},
{
"db": "BID",
"id": "725"
},
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
},
{
"db": "NVD",
"id": "CVE-1999-0895"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-876"
},
{
"db": "BID",
"id": "725"
},
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
},
{
"db": "NVD",
"id": "CVE-1999-0895"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1999-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-876"
},
{
"date": "1999-10-20T00:00:00",
"db": "BID",
"id": "725"
},
{
"date": "1999-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199910-033"
},
{
"date": "1999-10-20T04:00:00",
"db": "NVD",
"id": "CVE-1999-0895"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-876"
},
{
"date": "1999-10-20T00:00:00",
"db": "BID",
"id": "725"
},
{
"date": "2006-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199910-033"
},
{
"date": "2024-11-20T23:29:47.593000",
"db": "NVD",
"id": "CVE-1999-0895"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point Firewall - 1 LDAP Verification vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199910-033"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…