Details of VAR-200003-0048

ID

VAR-200003-0048

CVE

CVE-2000-0181

TITLE

Check Point Firewall-1 Internal address leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200003-023

DESCRIPTION

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. A vulnerability exists in which Checkpoint Firewall-1 will expose internal addresses to machines outside the network. Under seemingly normal load conditions, according to the poster of this vulnerability, 40% CPU utilization with 200+ active connections, Firewall-1 will attempt to establish connections utilizing the internal address. As this address is either non-routable, or internal, a retransmission will occur; this packet will have the correct address rewritten, but will use the same source port. This may be particularly useful to attackers conducting client side attacks. These problems have been seen on both NT and Solaris versions of FW-1, although the poster indicated that not enough data was available to directly state the Solaris version was vulnerable in the same ways, or to the same degrees

Trust: 1.35

sources: NVD: CVE-2000-0181 // BID: 1054 // VULHUB: VHN-1760 // VULMON: CVE-2000-0181

AFFECTED PRODUCTS

vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.0	Trust: 1.6
vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	3.0	Trust: 1.6
vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.1	Trust: 1.6
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 1054 // CNNVD: CNNVD-200003-023 // NVD: CVE-2000-0181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0181
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200003-023
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-1760
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2000-0181
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2000-0181
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-1760
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1760 // VULMON: CVE-2000-0181 // CNNVD: CNNVD-200003-023 // NVD: CVE-2000-0181

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200003-023

TYPE

Design Error

Trust: 0.9

sources: BID: 1054 // CNNVD: CNNVD-200003-023

EXTERNAL IDS

db:	BID	id:	1054	Trust: 2.1
db:	OSVDB	id:	1256	Trust: 1.8
db:	NVD	id:	CVE-2000-0181	Trust: 1.8
db:	CNNVD	id:	CNNVD-200003-023	Trust: 0.7
db:	BUGTRAQ	id:	20000311 OUR OLD FRIEND FIREWALL-1	Trust: 0.6
db:	VULHUB	id:	VHN-1760	Trust: 0.1
db:	VULMON	id:	CVE-2000-0181	Trust: 0.1

sources: VULHUB: VHN-1760 // VULMON: CVE-2000-0181 // BID: 1054 // CNNVD: CNNVD-200003-023 // NVD: CVE-2000-0181

REFERENCES

url:	http://www.securityfocus.com/bid/1054	Trust: 1.8
url:	http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html	Trust: 1.8
url:	http://www.osvdb.org/1256	Trust: 1.8
url:	http://www.checkpoint.com/techsupport/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-1760 // VULMON: CVE-2000-0181 // BID: 1054 // CNNVD: CNNVD-200003-023 // NVD: CVE-2000-0181

CREDITS

This vulnerability was posted to the Bugtraq mailing list by Chris Brenton <cbrenton@sover.net> on March 11, 2000.

Trust: 0.9

sources: BID: 1054 // CNNVD: CNNVD-200003-023

SOURCES

db:	VULHUB	id:	VHN-1760
db:	VULMON	id:	CVE-2000-0181
db:	BID	id:	1054
db:	CNNVD	id:	CNNVD-200003-023
db:	NVD	id:	CVE-2000-0181

LAST UPDATE DATE

2024-08-14T15:45:53.541000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1760	date:	2008-09-10T00:00:00
db:	VULMON	id:	CVE-2000-0181	date:	2008-09-10T00:00:00
db:	BID	id:	1054	date:	2000-03-11T00:00:00
db:	CNNVD	id:	CNNVD-200003-023	date:	2006-01-04T00:00:00
db:	NVD	id:	CVE-2000-0181	date:	2008-09-10T19:03:15.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1760	date:	2000-03-11T00:00:00
db:	VULMON	id:	CVE-2000-0181	date:	2000-03-11T00:00:00
db:	BID	id:	1054	date:	2000-03-11T00:00:00
db:	CNNVD	id:	CNNVD-200003-023	date:	2000-03-11T00:00:00
db:	NVD	id:	CVE-2000-0181	date:	2000-03-11T05:00:00