>> Check Point Products CIFS Service Group Security Bypass Issue
Title : Check Point Products CIFS Service Group Security Bypass Issue VUPEN ID : VUPEN/ADV-2005-1773 CVE ID : CVE-2005-2889 CWE ID : CWE-
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-09-16
Technical Description
A vulnerability has been identified in multiple Check Point products, which could be exploited by remote attackers bypass security policies. This issue is due to a design error where a service group and a protocol type share the same name "CIFS" (Common Internet File System), which could be exploited by a remote attacker on a network designated as a member of a CIFS service group to bypass firewall rules and reach hosts that would normally be protected.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
