PT-2019-19051 · Check Point · Check Point Zonealarm

Jakub Palaczynski

Publicado

2019-04-17

Atualizado

2020-10-22

CVE-2019-8455

CVSS v3.1

7.1

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Check Point ZoneAlarm versions up to 15.4.062

Description A local attacker can gain higher privileges to files with limited access by creating a hard-link from the log file of Check Point ZoneAlarm to any file on the system, resulting in permission changes that allow all users to access the linked file.

Recommendations For Check Point ZoneAlarm versions up to 15.4.062, consider restricting access to the log file to prevent attackers from creating hard-links and gaining elevated privileges. As a temporary workaround, monitor file system permissions closely and restrict access to sensitive files until a fix is available.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59CWE-65

Identificadores relacionados

CVE-2019-8455

Produtos afetados

Check Point Zonealarm

PT-2019-19051 · Check Point · Check Point Zonealarm

CVE-2019-8455

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4