Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Check Point Firewall-1 客户端日志查看器符号链接漏洞
Vulnerability Description
CVE(CAN) ID: CAN-2001-1101 Check Point Firewall-1是一款流行的商用防火墙产品。 它存在一个安全问题,允许本地用户覆盖系统文件。FireWall-1在通过日志查看器保存文 件时没有检查文件是否已经存在或是不是链接文件。如果攻击者可以通过图形客户端进行 防火墙管理,他就可以使用日志查看器来覆盖任意的以.log为后缀名的文件。如果攻击者 还有对防火墙的本地普通用户权限,他也可以通过设置一个链接,来覆盖任意系统文件。 这可能造成本地拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A