43 matches found
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-1999-0675
CVE-1999-0675 : The vulnerability affects Check Point FireWall-1. An attacker can cause a denial of service by sending UDP packets through VPN-1 to port 0 of a host, potentially crashing the remote host or the firewall between the attacker and the target. The available sources describe this DoS c...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-1999-0895
The provided data identifies CVE-1999-0895 affecting Firewall-1, in which LDAP attributes are not properly restricted. The entry describes a network-exposed issue with no authentication required, leading to partial disclosure/integrity/availability impact (CVSS v2 base score 7.5, HIGH). No concre...
CVE-2000-1201
CVE-2000-1201 affects Check Point FireWall-1 and remote DoS is caused by a flood of packets to port 264. The available data shows a network-based vulnerability with a CVSS v2 base score of 5.0 (Medium) and no confidentiality/integrity impact, partial availability impact. No explicit exploitation ...
CVE-2001-0182
Technical details about CVE-2001-0182 (affected products, root cause, remediation) are not publicly available in the provided documents. Monitor for updates from official sources.
CVE-2004-0039
CVE-2004-0039 involves multiple format-string vulnerabilities in Check Point Firewall-1’s HTTP components: HTTP Application Intelligence (AI) in NG-AI R55/R54 and the HTTP Security Server included with NG FP1/FP2/FP3. The root cause is format specifiers used in error messages generated from craft...
CVE-2004-0699
CVE-2004-0699 describes a heap-based buffer overflow in the ASN.1 decoding library used by Check Point VPN-1 products when Aggressive Mode IKE is enabled. The root cause is a vulnerability in ASN.1 decoding that can be triggered by sending a malformed IKE packet after initiating a negotiation, al...
CVE-2004-0469
The CVE-2004-0469 issue affects Check Point VPN-1 and FireWall-1 NG products, with a buffer overflow in the ISAKMP functionality that could let remote attackers execute arbitrary code during VPN tunnel negotiation. Affected versions are VPN-1/FireWall-1 before R55 HFA-03, R54 HFA-410 and NG FP3 H...
CVE-2004-0040
A buffer overflow flaw in the ISAKMP implementation used by Check Point VPN-1, SecuRemote, and SecureClient (ISAKMP/IKE) allows unauthenticated remote code execution via a crafted ISAKMP packet with a large Certificate Request payload. Exploitation targets UDP 500 and can run with VPN process pri...
CVE-2005-3673
CVE-2005-3673 relates to an IKEv1 DoS in Check Point products via crafted IKEv1 packets. Connected sources show a broader set of IKEv1 issues (CVE-2005-3666/3667/3668) with remote denial-of-service effects in multiple implementations (notably ipsec-tools’ racoon). The Proton/PROTOS test suite is ...
CVE-2000-0804
The vulnerability CVE-2000-0804 affects Check Point VPN-1/FireWall-1 4.1 and earlier. It is caused by a flaw in handling fragmented TCP connection requests or reopening closed one-way connections, allowing remote attackers to bypass the directionality check (One-way Connection Enforcement Bypass)...
CVE-2002-2405
CVE-2002-2405 affects Check Point FireWall-1 4.1 and NG when UserAuth is configured to proxy HTTP traffic only, permitting remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall. The root cause and actionable remediation details are not provided in the co...
CVE-1999-0770
CVE-1999-0770 affects Firewall-1, where a long timeout on connections that start with ACK/non-SYN packets enables a denial of service by mass connection attempts to unresponsive systems. Red Hat and CVE records corroborate the symptom; Nessus describes a remote DoS attack via the ACK/stream attac...
CVE-2004-2679
CVE-2004-2679 affects Check Point Firewall-1 4.1 up to NG AI R55. The vulnerability arises when an attacker sends an Internet Key Exchange (IKE) message with a crafted Vendor ID payload, causing the firewall to reveal version information and potentially other details in its response. This is an i...
CVE-2000-0150
Check Point FireWall-1 is affected by CVE-2000-0150, where the FTP PASV handling flaw in stateful inspection allows remote attackers to bypass FTP data-connection restrictions by causing the firewall to misinterpret crafted packets as a valid PASV response. The vulnerability stems from layering v...
CVE-2000-0809
The vulnerability CVE-2000-0809 is a buffer overflow in the GetKey routine of the inter-module communication protocol checker (Getkey) in Check Point VPN-1/FireWall-1 4.1 and earlier. This flaw allows remote attackers to crash the firewall daemon, leaving policy enforcement in place but potential...
CVE-2000-0482
The CVE-2000-0482 issue affects Check Point Firewall-1, where an attacker can cause a denial-of-service by sending a flood of malformed fragmented IP packets. Public sources (e.g., CERT/CC and vendor advisories) describe the DoS as resulting from CPU/memory saturation due to fragmentation handlin...
CVE-2000-0582
CVE-2000-0582 affects Check Point FireWall-1 releases 4.0 and 4.1. A remote attacker can cause a denial of service by sending a stream of invalid commands (e.g., binary zeros) to the SMTP Security Server proxy. The available sources confirm the affected product/versions and the impact as describe...
CVE-2000-1032
CVE-2000-1032 affects Check Point Firewall-1 4.0 and earlier. The client authentication interface returns distinct error messages for invalid usernames versus invalid passwords, enabling remote attackers to enumerate valid usernames on the firewall. The existing records do not provide concrete de...
CVE-2001-1303
The CVE-2001-1303 entry describes an information-disclosure vulnerability in Check Point Firewall-1 where SecuRemote’s default configuration allows remote attackers to obtain sensitive configuration information for the protected network without authentication. Affected component: SecuRemote (part...
CVE-2003-0757
CVE-2003-0757 affects Check Point FireWall-1 versions 4.0 and 4.1 prior to SP5. The issue allows remote attackers to obtain the IP addresses of internal interfaces by issuing certain SecuRemote requests to TCP ports 256 or 264 , with the IPs leaked in a reply packet. Publicly available sources (N...
CVE-2000-0779
CVE-2000-0779 : Check Point FireWall-1 with the RSH/REXEC setting enabled is vulnerable to remote bypass of access controls via malformed RSH/REXEC connection requests. The root cause is improper handling of certain RSH/REXEC-related data (stderr handling) that allows bypass of restrictions. All ...
CVE-2000-0806
The CVE-2000-0806 issue affects Check Point VPN-1/FireWall-1 4.1 and earlier, specifically the inter-module authentication mechanism (FWA1). The vulnerability allows remote attackers to cause a denial of service via inter-module communications bypass. The root cause is a flaw in FWA1 authenticati...
CVE-2000-0116
The CVE-2000-0116 entry affects Firewall-1. The vulnerability arises from insufficient filtering of script tags; attackers can bypass the Strip Script Tags restriction by prefixing an extra
CVE-2000-0813
Technical details about CVE-2000-0813 are not publicly provided in the connected documents you supplied. The materials do not specify affected products/versions beyond Check Point VPN-1/FireWall-1 4.1 and earlier, nor concrete remediation steps. Monitor for updates.
CVE-2001-1176
CVE-2001-1176 describes a format-string vulnerability in Check Point VPN-1/FireWall-1 4.1. The issue allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. Exploitation details are not provided in the connected documents; no ex...
CVE-2001-1431
CVE-2001-1431 affects Nokia Firewall Appliances (IPSO 3.3/3.4 and VPN-1/Firewall-1 4.1 SP3/4/5) when SYN Defender is in Active Gateway mode. The third packet of the TCP three-way handshake is not rewritten to use the NAT IP address, allowing remote attackers to gain sensitive information. Exploit...
CVE-2000-0805
CVE-2000-0805 affects Check Point VPN-1/FireWall-1 4.1 and earlier. The issue is "Retransmission of Encapsulated Packets": any source can send specially encapsulated FWZ packets that bypass normal rule checks and anti-spoofing, effectively spoofing as a FWZ client. All versions prior to the relev...
CVE-2006-3885
The CVE-2006-3885 vulnerability affects Check Point Firewall-1 R55W prior to HFA03, where an attacker can perform a directory traversal to read arbitrary files by sending an encoded .. in the URL on TCP port 18264. The root cause is improper validation of URL path components leading to file discl...
CVE-2001-0940
Technical details about CVE-2001-0940 are not publicly available in the provided documents; monitor for updates.
CVE-2001-1158
Affected software: Check Point VPN-1/FireWall-1 (version 4.0 and 4.1 per CERT) with the default macro accept_fw1_rdp in base.def. Vulnerability: A forged RDP header sent over UDP port 259 can bypass firewall restrictions, allowing traffic to arbitrary hosts. This is achieved by abusing RDP suppor...
CVE-2001-1171
The CVE affects Check Point Firewall-1, version 3.0b through 4.0 SP1. The root cause is a symlink-following issue during policy rule compilation that creates a world-writable temporary .cpp file, enabling local users to gain privileges or modify the firewall policy. No exploitation details or in-...
CVE-2000-0808
CVE-2000-0808 affects Check Point VPN-1/FireWall-1 (4.1 and earlier). The S/Key inter-module authentication Brute Force Vulnerability allows remote attackers to bypass authentication by brute-forcing the secret key, potentially enabling access to protected assets. Impact aligns with partial confi...
CVE-1999-1204
CVE-1999-1204 affects Check Point Firewall-1. It stems from improper handling of certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which can produce a rule defaulting to an ANY address and grant access to more systems than intended. CVSSv2 score 7.5 (HIGH) with Network...
CVE-2000-0807
The OPSEC Authentication Spoof issue (CVE-2000-0807) affects Check Point VPN-1/FireWall-1 prior to the patches described in the ISS/FireWall-1 vulnerability alert. The security hole arises in the OPSEC authentication mechanism, allowing a remote attacker to spoof authentication and gain access to...
CVE-2001-1101
The CVE-2001-1101 entry concerns the Check Point FireWall-1 GUI on Solaris (3.0b–4.1 SP2). The vulnerability arises in the Log Viewer function, which does not validate the existence of .log files when saving, enabling: (1) remote authenticated users to overwrite arbitrary files ending in .log, an...
CVE-2000-0181
CVE-2000-0181 affects Check Point Firewall-1 3.0 and 4.0, where leaked packets can reveal private IP addresses, allowing remote attackers to infer the real IP of the host initiating the connection. The vulnerability is a confidentiality issue (PARTIAL impact) with network attack vector and no aut...
CVE-2000-1037
The CVE-2000-1037 issue affects Check Point Firewall-1 session agent versions 3.0 through 4.1. The root cause is that the service returns different error messages for invalid usernames versus invalid passwords, enabling remote attackers to enumerate valid usernames and perform brute-force passwor...
CVE-2001-1102
CVE-2001-1102 affects Check Point FireWall-1 on Solaris, vulnerable in versions 3.0b through 4.1. A symlink attack on temporary policy files ending in .cpp, which are world-writable, allows local users to overwrite arbitrary files, impacting confidentiality, integrity, and availability. The descr...
CVE-2001-0082
Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled is affected by CVE-2001-0082. The issue allows remote attackers to bypass access restrictions by sending malformed, fragmented packets, enabling partial confidentiality, integrity, and availability impacts. The primary documents do not pr...
CVE-2002-0428
The CVE-2002-0428 issue affects Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1. A vulnerability in the client configuration allows bypassing the authentication timeout by modifying the to_expire or expire values in the users.C file, potentially extending session validity beyond intended...