Sign-up

ID

VAR-200607-0417


CVE

CVE-2006-3885


TITLE

Check Point Firewall-1 R55W Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2006-002923

DESCRIPTION

Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264. Checkpoint FireWall-1 is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Information obtained may aid in further attacks. R55W HFA2 and prior versions are vulnerable to this issue. Check Point Firewall-1 is a high-performance firewall. This vulnerability can be exploited via basic HEX-encoded directory traversal strings. ---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Check Point VPN/Firewall Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA21200 VERIFY ADVISORY: http://secunia.com/advisories/21200/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: >From remote SOFTWARE: Check Point VPN-1/FireWall-1 NG with Application Intelligence (AI) http://secunia.com/product/2542/ DESCRIPTION: Pete Foster has reported a vulnerability in Check Point VPN-1/Firewall-1, which can be exploited by malicious people to disclose certain sensitive information. An input validation error in the hard coded web server (port 18264/TCP) can be exploited to disclose the contents of certain files via directory traversal attacks. SOLUTION: The vulnerability has reportedly been fixed in version R55W HFA03. PROVIDED AND/OR DISCOVERED BY: Pete Foster ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2006-07/0419.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-3885 // JVNDB: JVNDB-2006-002923 // BID: 19136 // VULHUB: VHN-19993 // PACKETSTORM: 48608

AFFECTED PRODUCTS

vendor:checkpointmodel:firewall-1scope:eqversion:r55w

Trust: 1.6

vendor:check pointmodel:firewall-1scope:ltversion:r55w

Trust: 0.8

vendor:check pointmodel:firewall-1scope:eqversion:hfa03

Trust: 0.8

vendor:checkmodel:point software firewall-1 r55w hfa2scope: - version: -

Trust: 0.3

vendor:checkmodel:point software firewall-1 r55w hfa1scope: - version: -

Trust: 0.3

vendor:checkmodel:point software firewall-1 r55wscope: - version: -

Trust: 0.3

vendor:checkmodel:point software firewall-1 r55w hfa3scope:neversion: -

Trust: 0.3

sources: BID: 19136 // JVNDB: JVNDB-2006-002923 // CNNVD: CNNVD-200607-451 // NVD: CVE-2006-3885

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3885
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-3885
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200607-451
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19993
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3885
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-19993
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19993 // JVNDB: JVNDB-2006-002923 // CNNVD: CNNVD-200607-451 // NVD: CVE-2006-3885

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3885

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-451

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200607-451

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-002923

PATCH
title:Latest Hotfix Accumulators (HFAs)url:http://www.checkpoint.com/downloads/latest/hfa/index.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-002923

EXTERNAL IDS
db:NVDid:CVE-2006-3885
Trust: 2.5
db:BIDid:19136
Trust: 2.0
db:SECUNIAid:21200
Trust: 1.8
db:VUPENid:ADV-2006-2965
Trust: 1.7
db:SREASONid:1290
Trust: 1.7
db:SECTRACKid:1016563
Trust: 1.7
db:JVNDBid:JVNDB-2006-002923
Trust: 0.8
db:CNNVDid:CNNVD-200607-451
Trust: 0.7
db:XFid:27937
Trust: 0.6
db:XFid:1
Trust: 0.6
db:BUGTRAQid:20060726 RE: CHECK POINT R55W DIRECTORY TRAVERSAL
Trust: 0.6
db:BUGTRAQid:20060724 CHECK POINT R55W DIRECTORY TRAVERSAL
Trust: 0.6
db:VULHUBid:VHN-19993
Trust: 0.1
db:PACKETSTORMid:48608
Trust: 0.1
sources:
            
            
            VULHUB: VHN-19993 // 
            
            
            
            BID: 19136 // 
            
            
            
            JVNDB: JVNDB-2006-002923 // 
            
            
            
            PACKETSTORM: 48608 // 
            
            
            
            CNNVD: CNNVD-200607-451 // 
            
            
            
            NVD: CVE-2006-3885

REFERENCES
url:http://www.securityfocus.com/bid/19136
Trust: 1.7
url:http://www.sec-tec.co.uk/vulnerability/r55w_directory_traversal.html
Trust: 1.7
url:http://securitytracker.com/id?1016563
Trust: 1.7
url:http://secunia.com/advisories/21200
Trust: 1.7
url:http://securityreason.com/securityalert/1290
Trust: 1.7
url:http://www.securityfocus.com/archive/1/440990/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/441495/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/2965
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27937
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3885
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3885
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/27937
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/2965
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/440990/100/0/threaded
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/441495/100/0/threaded
Trust: 0.6
url:/archive/1/440990
Trust: 0.3
url:http://secunia.com/advisories/21200/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://archives.neohapsis.com/archives/bugtraq/2006-07/0419.html
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/product/2542/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-19993 // 
            
            
            
            BID: 19136 // 
            
            
            
            JVNDB: JVNDB-2006-002923 // 
            
            
            
            PACKETSTORM: 48608 // 
            
            
            
            CNNVD: CNNVD-200607-451 // 
            
            
            
            NVD: CVE-2006-3885

CREDITS
Pete Foster pete@sec-tec.demon.co.uk
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200607-451

SOURCES
db:VULHUBid:VHN-19993
db:BIDid:19136
db:JVNDBid:JVNDB-2006-002923
db:PACKETSTORMid:48608
db:CNNVDid:CNNVD-200607-451
db:NVDid:CVE-2006-3885

LAST UPDATE DATE
2024-08-14T12:54:47.223000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-19993date:2018-10-17T00:00:00
db:BIDid:19136date:2006-07-27T22:57:00
db:JVNDBid:JVNDB-2006-002923date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200607-451date:2006-07-27T00:00:00
db:NVDid:CVE-2006-3885date:2018-10-17T21:32:13.377

SOURCES RELEASE DATE
db:VULHUBid:VHN-19993date:2006-07-27T00:00:00
db:BIDid:19136date:2006-07-24T00:00:00
db:JVNDBid:JVNDB-2006-002923date:2012-12-20T00:00:00
db:PACKETSTORMid:48608date:2006-07-28T01:04:26
db:CNNVDid:CNNVD-200607-451date:2006-07-26T00:00:00
db:NVDid:CVE-2006-3885date:2006-07-27T01:04:00