Details of VAR-200509-0077

ID

VAR-200509-0077

CVE

CVE-2005-2889

TITLE

Check Point Firewall rules may improperly handle network traffic

Trust: 0.8

sources: CERT/CC: VU#508209

DESCRIPTION

Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions. CIFS There is a vulnerability that will be interpreted.Check Point VPN-1/FireWall-1 May be restricted and may be connected to a computer in the network. This issue is due to a failure of the software to properly implement expected firewall rules. This vulnerability allows attackers to bypass firewall rules, letting them attack protected services and computers without expected restriction. This also issue leads to a false sense of security by firewall administrators. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Check Point Firewall CIFS Service Group Rule Bypass SECUNIA ADVISORY ID: SA16770 VERIFY ADVISORY: http://secunia.com/advisories/16770/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Check Point VPN-1/Firewall-1 NG http://secunia.com/product/89/ Check Point VPN-1 Server 4.x http://secunia.com/product/2965/ Check Point Provider-1 http://secunia.com/product/3262/ Check Point FireWall-1 GX 2.x http://secunia.com/product/3263/ Check Point Firewall-1 4.x http://secunia.com/product/88/ Check Point VPN-1/FireWall-1 NG with Application Intelligence (AI) http://secunia.com/product/2542/ Check Point VPN-1/FireWall-1 VSX NG http://secunia.com/product/3264/ DESCRIPTION: fitz has reported a security issue in Check Point Firewall, which potentially can be exploited by malicious people to bypass certain security restrictions. The security issue has been reported in the following products: * VPN-1/FireWall-1 * VPN-1 VSX * Provider-1 SOLUTION: The vendor suggests renaming the CIFS service group. Refer to the vendor's advisory for instructions. PROVIDED AND/OR DISCOVERED BY: fitz ORIGINAL ADVISORY: Check Point: http://secureknowledge.us.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?id=sk31196 OTHER REFERENCES: US-CERT VU#508209: http://www.kb.cert.org/vuls/id/508209 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.06

sources: NVD: CVE-2005-2889 // CERT/CC: VU#508209 // JVNDB: JVNDB-2005-000517 // BID: 14781 // BID: 89347 // VULHUB: VHN-14098 // PACKETSTORM: 40276

AFFECTED PRODUCTS

vendor:	checkpoint	model:	connectra ngx	scope:	eq	version:	r60	Trust: 1.6
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	vpn-1/firewall-1	scope:	lte	version:	ng fp3	Trust: 0.8
vendor:	check point	model:	vpn-1/firewall-1	scope:	lte	version:	ng with application intelligence (r55w)	Trust: 0.8
vendor:	check	model:	point software vpn-1 next generation fp2	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software vpn-1 next generation fp1	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software vpn-1 next generation fp0	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp6	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp5a	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp5	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software secureplatform ngx r60 build	scope:	eq	version:	244	Trust: 0.3
vendor:	check	model:	point software secureplatform ng fp2 edition	scope:	eq	version:	2	Trust: 0.3
vendor:	check	model:	point software secureplatform ng fp2	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software secureplatform ng fp1	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software secureplatform ng	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software provider-1 ng with application intelligence r55	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software provider-1 ng with application intelligence r54	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software provider-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software provider-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software provider-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software provider-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software provider-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 next generation fp3	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software firewall-1 next generation fp2	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software firewall-1 next generation fp1	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software firewall-1 next generation fp0	scope:	-	version:	-	Trust: 0.3
vendor:	check	model:	point software firewall-1 [ vpn des ]	scope:	eq	version:	+4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 [ vpn des strong ] sp2 build	scope:	eq	version:	++4.141716	Trust: 0.3
vendor:	check	model:	point software firewall-1 [ vpn des strong ] build	scope:	eq	version:	++4.141439	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp6	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp5a	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp5	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software connectra ngx r60	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#508209 // BID: 14781 // BID: 89347 // JVNDB: JVNDB-2005-000517 // NVD: CVE-2005-2889 // CNNVD: CNNVD-200509-111

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2005-2889
value:	HIGH
Trust: 1.8
CARNEGIE MELLON:	VU#508209
value:	4.39
Trust: 0.8
CNNVD:	CNNVD-200509-111
value:	HIGH
Trust: 0.6
VULHUB:	VHN-14098
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	TRUE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2005-2889
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-14098
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#508209 // VULHUB: VHN-14098 // JVNDB: JVNDB-2005-000517 // NVD: CVE-2005-2889 // CNNVD: CNNVD-200509-111

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2889

THREAT TYPE

network

Trust: 0.6

sources: BID: 14781 // BID: 89347

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200509-111

CONFIGURATIONS

sources: NVD: CVE-2005-2889

PATCH

title:

sk31196

url:

http://secureknowledge.us.checkpoint.com/secureknowledge/viewsolutiondocument.do?id=sk31196

Trust: 0.8

sources: JVNDB: JVNDB-2005-000517

EXTERNAL IDS

db:	CERT/CC	id:	VU#508209	Trust: 3.7
db:	NVD	id:	CVE-2005-2889	Trust: 2.8
db:	BID	id:	14781	Trust: 1.9
db:	SECUNIA	id:	16770	Trust: 1.0
db:	JVNDB	id:	JVNDB-2005-000517	Trust: 0.8
db:	CNNVD	id:	CNNVD-200509-111	Trust: 0.7
db:	BUGTRAQ	id:	20050907 RULE BYPASSING IN CHECKPOINT NGX R60	Trust: 0.6
db:	BID	id:	89347	Trust: 0.4
db:	VULHUB	id:	VHN-14098	Trust: 0.1
db:	PACKETSTORM	id:	40276	Trust: 0.1

sources: CERT/CC: VU#508209 // VULHUB: VHN-14098 // BID: 14781 // BID: 89347 // JVNDB: JVNDB-2005-000517 // PACKETSTORM: 40276 // NVD: CVE-2005-2889 // CNNVD: CNNVD-200509-111

REFERENCES

url:	http://www.kb.cert.org/vuls/id/508209	Trust: 2.9
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=112611529724821&w=2	Trust: 2.3
url:	http://www.securityfocus.com/bid/14781	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=112611529724821&w=2	Trust: 1.0
url:	http://secureknowledge.us.checkpoint.com/secureknowledge/viewsolutiondocument.do?id=sk31196	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/409877	Trust: 0.8
url:	http://secunia.com/advisories/16770	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2889	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2005/1773	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2889	Trust: 0.8
url:	http://www.checkpoint.com/techsupport/	Trust: 0.3
url:	http://www.checkpoint.com/ngx/upgrade/index.html	Trust: 0.3
url:	/archive/1/409877	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=112611529724821&w=2	Trust: 0.1
url:	http://secunia.com/product/89/	Trust: 0.1
url:	http://secunia.com/product/3263/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/16770/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/product/2542/	Trust: 0.1
url:	http://secunia.com/product/88/	Trust: 0.1
url:	http://secunia.com/product/3264/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/3262/	Trust: 0.1
url:	http://secunia.com/product/2965/	Trust: 0.1

CREDITS

fitz <fitzimailing@yahoo.de> discovered this vulnerability.

Trust: 0.3

sources: BID: 14781

SOURCES

db:	CERT/CC	id:	VU#508209
db:	VULHUB	id:	VHN-14098
db:	BID	id:	14781
db:	BID	id:	89347
db:	JVNDB	id:	JVNDB-2005-000517
db:	PACKETSTORM	id:	40276
db:	NVD	id:	CVE-2005-2889
db:	CNNVD	id:	CNNVD-200509-111

LAST UPDATE DATE

2023-12-18T13:40:54.724000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#508209	date:	2005-09-27T00:00:00
db:	VULHUB	id:	VHN-14098	date:	2016-10-18T00:00:00
db:	BID	id:	14781	date:	2005-09-08T00:00:00
db:	BID	id:	89347	date:	2005-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2005-000517	date:	2007-04-01T00:00:00
db:	NVD	id:	CVE-2005-2889	date:	2016-10-18T03:31:17.137
db:	CNNVD	id:	CNNVD-200509-111	date:	2006-01-04T00:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#508209	date:	2005-09-16T00:00:00
db:	VULHUB	id:	VHN-14098	date:	2005-09-14T00:00:00
db:	BID	id:	14781	date:	2005-09-08T00:00:00
db:	BID	id:	89347	date:	2005-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2005-000517	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	40276	date:	2005-09-27T00:49:09
db:	NVD	id:	CVE-2005-2889	date:	2005-09-14T20:03:00
db:	CNNVD	id:	CNNVD-200509-111	date:	2005-09-14T00:00:00