Details of VAR-199910-0020

ID

VAR-199910-0020

CVE

CVE-1999-0895

TITLE

Check Point Firewall - 1 LDAP Verification vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199910-033

DESCRIPTION

Firewall-1 does not properly restrict access to LDAP attributes. With FireWall-1 Version 4.0 Checkpoint introduced support for the Lightweight Directory Access Protocol (LDAP) for user authentication. It looks like there's a bug in Checkpoint's ldap code which under certain circumstances can lead to unauthorized access to protected systems behind the firewall. A user can authenticate himself at the firewall providing a valid username and password. The firewall acts as a ldap client, validating the credentials by a directory server using the ldap protocol. After successful authentication access will be granted to systems protected by the firewall. In contrast to authentication using the Radius or SecurID protocol, after successful authentication the directory server can supply the firewall with additional ldap attributes for the user like the time and day of a week a user is allowed to login, the source addresses a user can run a client from, or the system behind the firewall a user is allowed to access. This can be done individual for each user. In general I think that's a great idea but it seems Checkpoint made something wrong interpreting the ldap attribute 'fw1allowed-dst' which is supposed to control in detail which protected network object a user can access. It seems this attribute is ignored by the firewall software, granting access to all protected network objects instead. Example: ------ Server 'Foo' | Internet --- FW-1 ---| | ------ Server 'Bar' Supposed there's a user 'Sid' with access only to Server 'Foo', and a second user 'Nancy' with access restricted to Server 'Bar', both controlled by the ldap protocol, using the ldap attribute 'fw1allowed-dst'. The bug will cause that both, Sid and Nancy, will have access to Foo and to Bar. [Quoted from the post by Olaf Selke with permission]

Trust: 1.26

sources: NVD: CVE-1999-0895 // BID: 725 // VULHUB: VHN-876

AFFECTED PRODUCTS

vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.0	Trust: 1.6
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	ne	version:	3.0	Trust: 0.3

sources: BID: 725 // CNNVD: CNNVD-199910-033 // NVD: CVE-1999-0895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0895
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-199910-033
value:	HIGH
Trust: 0.6
VULHUB:	VHN-876
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-0895
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-876
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-876 // CNNVD: CNNVD-199910-033 // NVD: CVE-1999-0895

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0895

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199910-033

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-199910-033

EXTERNAL IDS

db:	BID	id:	725	Trust: 2.0
db:	NVD	id:	CVE-1999-0895	Trust: 1.7
db:	OSVDB	id:	1117	Trust: 1.7
db:	CNNVD	id:	CNNVD-199910-033	Trust: 0.7
db:	BUGTRAQ	id:	19991020 CHECKPOINT FIREWALL-1 V4.0: POSSIBLE BUG IN LDAP AUTHENTICATION	Trust: 0.6
db:	VULHUB	id:	VHN-876	Trust: 0.1

sources: VULHUB: VHN-876 // BID: 725 // CNNVD: CNNVD-199910-033 // NVD: CVE-1999-0895

REFERENCES

url:	http://www.securityfocus.com/bid/725	Trust: 1.7
url:	http://www.osvdb.org/1117	Trust: 1.7
url:	http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail%40tarjan.mediaways.net	Trust: 1.0
url:	http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net	Trust: 0.7
url:	http://www.checkpoint.com/techsupport/	Trust: 0.3
url:	http://www.enteract.com/~lspitz/fwtable.html	Trust: 0.3
url:	-	Trust: 0.1

sources: VULHUB: VHN-876 // BID: 725 // CNNVD: CNNVD-199910-033 // NVD: CVE-1999-0895

CREDITS

This vulnerability was posted to the Bugtraq mailing list by Olaf Selke <olaf.selke@mediaways.net> on Wed, 20 Oct 1999.

Trust: 0.9

sources: BID: 725 // CNNVD: CNNVD-199910-033

SOURCES

db:	VULHUB	id:	VHN-876
db:	BID	id:	725
db:	CNNVD	id:	CNNVD-199910-033
db:	NVD	id:	CVE-1999-0895

LAST UPDATE DATE

2024-08-14T15:15:18.568000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-876	date:	2008-09-09T00:00:00
db:	BID	id:	725	date:	1999-10-20T00:00:00
db:	CNNVD	id:	CNNVD-199910-033	date:	2006-01-04T00:00:00
db:	NVD	id:	CVE-1999-0895	date:	2023-11-07T01:55:04.473

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-876	date:	1999-10-20T00:00:00
db:	BID	id:	725	date:	1999-10-20T00:00:00
db:	CNNVD	id:	CNNVD-199910-033	date:	1999-10-20T00:00:00
db:	NVD	id:	CVE-1999-0895	date:	1999-10-20T04:00:00