ID

VAR-200003-0048


CVE

CVE-2000-0181


TITLE

Check Point Firewall-1 Internal address leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200003-023

DESCRIPTION

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. A vulnerability exists in which Checkpoint Firewall-1 will expose internal addresses to machines outside the network. Under seemingly normal load conditions, according to the poster of this vulnerability, 40% CPU utilization with 200+ active connections, Firewall-1 will attempt to establish connections utilizing the internal address. As this address is either non-routable, or internal, a retransmission will occur; this packet will have the correct address rewritten, but will use the same source port. This may be particularly useful to attackers conducting client side attacks. These problems have been seen on both NT and Solaris versions of FW-1, although the poster indicated that not enough data was available to directly state the Solaris version was vulnerable in the same ways, or to the same degrees

Trust: 1.35

sources: NVD: CVE-2000-0181 // BID: 1054 // VULHUB: VHN-1760 // VULMON: CVE-2000-0181

AFFECTED PRODUCTS

vendor:checkpointmodel:firewall-1scope:eqversion:4.0

Trust: 1.6

vendor:checkpointmodel:firewall-1scope:eqversion:3.0

Trust: 1.6

vendor:checkpointmodel:firewall-1scope:eqversion:4.1

Trust: 1.6

vendor:checkmodel:point software firewall-1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1scope:eqversion:4.0

Trust: 0.3

vendor:checkmodel:point software firewall-1scope:eqversion:3.0

Trust: 0.3

sources: BID: 1054 // CNNVD: CNNVD-200003-023 // NVD: CVE-2000-0181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0181
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200003-023
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1760
value: MEDIUM

Trust: 0.1

VULMON: CVE-2000-0181
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0181
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-1760
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1760 // VULMON: CVE-2000-0181 // CNNVD: CNNVD-200003-023 // NVD: CVE-2000-0181

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200003-023

TYPE

Design Error

Trust: 0.9

sources: BID: 1054 // CNNVD: CNNVD-200003-023

EXTERNAL IDS

db:BIDid:1054

Trust: 2.1

db:OSVDBid:1256

Trust: 1.8

db:NVDid:CVE-2000-0181

Trust: 1.8

db:CNNVDid:CNNVD-200003-023

Trust: 0.7

db:BUGTRAQid:20000311 OUR OLD FRIEND FIREWALL-1

Trust: 0.6

db:VULHUBid:VHN-1760

Trust: 0.1

db:VULMONid:CVE-2000-0181

Trust: 0.1

sources: VULHUB: VHN-1760 // VULMON: CVE-2000-0181 // BID: 1054 // CNNVD: CNNVD-200003-023 // NVD: CVE-2000-0181

REFERENCES

url:http://www.securityfocus.com/bid/1054

Trust: 2.8

url:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html

Trust: 2.8

url:http://www.osvdb.org/1256

Trust: 2.8

url:http://www.checkpoint.com/techsupport/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-1760 // VULMON: CVE-2000-0181 // BID: 1054 // CNNVD: CNNVD-200003-023 // NVD: CVE-2000-0181

CREDITS

This vulnerability was posted to the Bugtraq mailing list by Chris Brenton <cbrenton@sover.net> on March 11, 2000.

Trust: 0.9

sources: BID: 1054 // CNNVD: CNNVD-200003-023

SOURCES

db:VULHUBid:VHN-1760
db:VULMONid:CVE-2000-0181
db:BIDid:1054
db:CNNVDid:CNNVD-200003-023
db:NVDid:CVE-2000-0181

LAST UPDATE DATE

2024-11-22T23:05:58.542000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1760date:2008-09-10T00:00:00
db:VULMONid:CVE-2000-0181date:2008-09-10T00:00:00
db:BIDid:1054date:2000-03-11T00:00:00
db:CNNVDid:CNNVD-200003-023date:2006-01-04T00:00:00
db:NVDid:CVE-2000-0181date:2024-11-20T23:31:54.127

SOURCES RELEASE DATE

db:VULHUBid:VHN-1760date:2000-03-11T00:00:00
db:VULMONid:CVE-2000-0181date:2000-03-11T00:00:00
db:BIDid:1054date:2000-03-11T00:00:00
db:CNNVDid:CNNVD-200003-023date:2000-03-11T00:00:00
db:NVDid:CVE-2000-0181date:2000-03-11T05:00:00