Vulnerability ID 21

Check Point Syslog Daemon Escape Sequence Handler Input Validation

Check Point
CVSSv3 Temp Score: 6.5
Current Exploit Price (≈): $0-$1k

A vulnerability classified as critical was found in Check Point Syslog Daemon (the affected version is unknown). It affects an unknown function of the component Escape Sequence Handler. Manipulation with an unknown input leads to an input validation vulnerability. This impacts confidentiality and integrity.

The weakness was released 03/21/2003 by Peter Bieringer with AERAsec. The advisory is shared for download at aerasec.de. This vulnerability is uniquely identified as CVE-1999-1115. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but an exploit is available.

The exploit is shared for download at securityfocus.com. We expect the 0-day to have been worth approximately $10k-$25k.

Applying a patch eliminates this problem. The bugfix is available for download at securityfocus.com.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 7161). Entries connected to this vulnerability are available at 13626.

CVSSv3

Base Score: 6.5
Temp Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:U/RC:X
Reliability: High

CVSSv2

Base Score: 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Temp Score: 5.8 (CVSS2#E:ND/RL:U/RC:ND)
Reliability: High

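Vector (AV) | Complexity (AC) | Authentication (Au) | Confidentiality (C) | Integrity (I) | Availability (A)
Local (L) | High (H) | Multiple (M) | None (N) | None (N) | None (N)
Adjacent (A) | Medium (M) | Single (S) | Partial (P) | Partial (P) | Partial (P)
Network (N) | Low (L) | None (N) | Complete (C) | Complete (C) | Complete (C)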

Exploiting

Class: Input validation
Local: No
Remote: Yes

Availability: Yes
Download: securityfocus.com

Current Price Estimation: $10k-$25k (0-day) / $0-$1k (Today)

Countermeasures

Recommended: Disable
Status: Not available

Patch: securityfocus.com

Timeline

12/31/1990 NVD disclosed
03/21/2003 +4463 days Advisory disclosed
03/21/2003 +0 days VulDB entry created
03/21/2003 +0 days SecurityFocus entry assigned
09/19/2016 +4931 days VulDB last update

Sources

Advisory: aerasec.de
Researcher: Peter Bieringer
Organization: AERAsec

CVE: CVE-1999-1115 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 7161 - Check Point FW-1 Syslog Daemon Unfiltered Escape Sequence Vulnerability

See also: 13626

Entry

Created: 03/21/2003
Updated: 09/19/2016
Entry: 81.3% complete