VAR-201107-0226
Vulnerability from variot - Updated: 2025-04-11 23:16Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors. Check Point Provider-1 is prone to an unspecified security vulnerability. No further technical details are currently available. We will update this BID as more information emerges. ======================================================================= title: Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products product: Check Point Security Management * Multi-Domain Security Management / Provider-1 * SmartCenter vulnerable version: multiple products, see sections below fixed version: multiple products, see sections below CVE number: CVE-2011-2664 impact: high homepage: http://www.checkpoint.com found: 2010-08-13 by: Matthew Flanagan http://wadofstuff.blogspot.com =======================================================================
Vendor Product Description
"Security Management and Multi-Domain Security Management (Provider-1) delivers more security and control by segmenting your security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management."
URL: http://www.checkpoint.com/products/multi-domain-security-management/index.html
"Check Point UTM-1 Edge appliances deliver proven, best-in-class security right out of the box! These simple, all-in-one appliances allow branch offices to deploy comprehensive security quickly and easily. These appliances offer robust performance, powerful central management and advanced wireless options."
URL: http://www.checkpoint.com/products/utm-1-edge/index.html
Vulnerability Description
A post-installation shell script is executed both in the provisioning of a Security Management Domain and installation of a standalone SmartCenter. The script is used to generate a configuration file for use by the SofaWare Management Server (SMS). The SMS is used to send all configuration changes performed in the SmartCenter/Management Domain to UTM-1 Edge devices. UTM-1 Edge devices also communicate their status to the SmartCenter/Management Domain via SMS.
The script also contains a second-order symlink vulnerability [1] which makes it possible for an attacker to gain control of the SMS configuration file: $FWDIR/conf/sofaware/SWManagementServer.ini. The SWManagementServer.ini file contains sensitive information and configuration parameters for the management of UTM-1 Edge firewall appliances such as firmware versions, mail proxies, logging levels, and many timeout and polling intervals for various software components running on the Edge devices.
The likelhood of exploiting this vulnerability on a server running SmartCenter is low due to it only being exploitable during the installation of the software. However, for Management Domains running on a Multi-Domain Management / Provider-1 server the likelihood is much higher as the vulnerability can be exploited every time a new Management Domain is created.
Exploit
An exploit will not be published.
Vulnerable Versions
R65.70 R70.40 R71.30 R75.10
On Linux, SecurePlatform and Solaris.
Solution
Fixed in R71.40 and R75.20. 2010-08-16: Vendor responded. 2010-08-16: Provided vulnerability details and exploit to vendor. 2010-08-18: Vendor confirmation of vulnerability. 2010-08-26: Requested a status update from the vendor. 2010-08-28: Vendor: working on a fix and release plan. 2011-05-31: Requested a status update from the vendor. 2011-06-01: Vendor: Fixed in R75. Advisory to be released on 2011-06-15. 2011-06-06: Advised vendor that R75 GA and R75.10 are still vulnerable. 2011-06-06: Applied for CVE number from MITRE. 2011-06-14: Sent more details to MITRE. 2011-06-15: Vendor publishes advisory and fix. 2011-06-16: Contacted AusCERT. 2011-07-06: Asked MITRE for status of CVE number allocation. 2011-07-07: Assigned CVE number by MITRE. 2011-08-16: Released advisory.
References
[1] http://www.securityfocus.com/archive/1/401682 . ----------------------------------------------------------------------
The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.
Read more and request a free trial: http://secunia.com/products/corporate/vim/
TITLE: Check Point Multi-Domain Management / Provider-1 File Overwrite Vulnerability
SECUNIA ADVISORY ID: SA45231
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45231/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45231
RELEASE DATE: 2011-07-25
DISCUSS ADVISORY: http://secunia.com/advisories/45231/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45231/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45231
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Check Point Multi-Domain Management / Provider-1, which can be exploited by malicious, local users to manipulate certain data.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Matthew Flanagan.
ORIGINAL ADVISORY: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk63565
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201107-0226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multi-domain management\\/provider-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_r75"
},
{
"model": "multi-domain management\\/provider-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_r65"
},
{
"model": "multi-domain management\\/provider-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_r71"
},
{
"model": "multi-domain management\\/provider-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_smartcenter"
},
{
"model": "multi-domain management\\/provider-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_r70"
},
{
"model": "multi-domain management/provider-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ngx r65"
},
{
"model": "multi-domain management/provider-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r70"
},
{
"model": "multi-domain management/provider-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r71"
},
{
"model": "multi-domain management/provider-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r75"
},
{
"model": "multi-domain management/provider-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "and smartcenter"
},
{
"model": "point software provider-1 ngx r75",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software provider-1 ngx r71",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software provider-1 ngx r70",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software provider-1 ngx r65",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "48656"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-112"
},
{
"db": "NVD",
"id": "CVE-2011-2664"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:checkpoint:multi-domain_management%2Fprovider-1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthew Flanagan",
"sources": [
{
"db": "BID",
"id": "48656"
},
{
"db": "PACKETSTORM",
"id": "104077"
}
],
"trust": 0.4
},
"cve": "CVE-2011-2664",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2011-2664",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-50609",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-2664",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2011-2664",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201107-112",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-50609",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50609"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-112"
},
{
"db": "NVD",
"id": "CVE-2011-2664"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors. Check Point Provider-1 is prone to an unspecified security vulnerability. \nNo further technical details are currently available. We will update this BID as more information emerges. =======================================================================\n title: Symlink Following and Second-Order Symlink\nVulnerabilities in Multiple Check Point Security Management Products\n product: Check Point Security Management\n * Multi-Domain Security Management / Provider-1\n * SmartCenter\n vulnerable version: multiple products, see sections below\n fixed version: multiple products, see sections below\n CVE number: CVE-2011-2664\n impact: high\n homepage: http://www.checkpoint.com\n found: 2010-08-13\n by: Matthew Flanagan\n http://wadofstuff.blogspot.com\n=======================================================================\n\nVendor Product Description\n--------------------------\n\n\"Security Management and Multi-Domain Security Management (Provider-1) delivers\nmore security and control by segmenting your security management into multiple\nvirtual domains. Businesses of all sizes can easily create virtual domains\nbased on geography, business unit or security function to strengthen security\nand simplify management.\"\n\nURL: http://www.checkpoint.com/products/multi-domain-security-management/index.html\n\n\"Check Point UTM-1 Edge appliances deliver proven, best-in-class security right\nout of the box! These simple, all-in-one appliances allow branch offices to\ndeploy comprehensive security quickly and easily. These appliances offer robust\nperformance, powerful central management and advanced wireless options.\"\n\nURL: http://www.checkpoint.com/products/utm-1-edge/index.html\n\nVulnerability Description\n-------------------------\n\nA post-installation shell script is executed both in the provisioning of a\nSecurity Management Domain and installation of a standalone SmartCenter. The\nscript is used to generate a configuration file for use by the SofaWare\nManagement Server (SMS). The SMS is used to send all configuration changes\nperformed in the SmartCenter/Management Domain to UTM-1 Edge devices. UTM-1\nEdge devices also communicate their status to the SmartCenter/Management\nDomain via SMS. \n\nThe script also contains a second-order symlink vulnerability [1]\nwhich makes it\npossible for an attacker to gain control of the SMS configuration\nfile: $FWDIR/conf/sofaware/SWManagementServer.ini. The SWManagementServer.ini\nfile contains sensitive information and configuration parameters for the\nmanagement of UTM-1 Edge firewall appliances such as firmware versions,\nmail proxies, logging levels, and many timeout and polling intervals for\nvarious software components running on the Edge devices. \n\nThe likelhood of exploiting this vulnerability on a server running SmartCenter\nis low due to it only being exploitable during the installation of the software. \nHowever, for Management Domains running on a Multi-Domain Management /\nProvider-1 server the likelihood is much higher as the vulnerability can be\nexploited every time a new Management Domain is created. \n\nExploit\n-------\n\nAn exploit will not be published. \n\nVulnerable Versions\n-------------------\n\nR65.70\nR70.40\nR71.30\nR75.10\n\nOn Linux, SecurePlatform and Solaris. \n\nSolution\n--------\n\nFixed in R71.40 and R75.20. \n2010-08-16: Vendor responded. \n2010-08-16: Provided vulnerability details and exploit to vendor. \n2010-08-18: Vendor confirmation of vulnerability. \n2010-08-26: Requested a status update from the vendor. \n2010-08-28: Vendor: working on a fix and release plan. \n2011-05-31: Requested a status update from the vendor. \n2011-06-01: Vendor: Fixed in R75. Advisory to be released on 2011-06-15. \n2011-06-06: Advised vendor that R75 GA and R75.10 are still vulnerable. \n2011-06-06: Applied for CVE number from MITRE. \n2011-06-14: Sent more details to MITRE. \n2011-06-15: Vendor publishes advisory and fix. \n2011-06-16: Contacted AusCERT. \n2011-07-06: Asked MITRE for status of CVE number allocation. \n2011-07-07: Assigned CVE number by MITRE. \n2011-08-16: Released advisory. \n\nReferences\n----------\n\n[1] http://www.securityfocus.com/archive/1/401682\n. ----------------------------------------------------------------------\n\nThe Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. \n\nRead more and request a free trial:\nhttp://secunia.com/products/corporate/vim/\n\n----------------------------------------------------------------------\n\nTITLE:\nCheck Point Multi-Domain Management / Provider-1 File Overwrite\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA45231\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45231/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45231\n\nRELEASE DATE:\n2011-07-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45231/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45231/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45231\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Check Point Multi-Domain\nManagement / Provider-1, which can be exploited by malicious, local\nusers to manipulate certain data. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Matthew Flanagan. \n\nORIGINAL ADVISORY:\nhttps://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk63565\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2664"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
},
{
"db": "BID",
"id": "48656"
},
{
"db": "VULHUB",
"id": "VHN-50609"
},
{
"db": "PACKETSTORM",
"id": "104077"
},
{
"db": "PACKETSTORM",
"id": "103346"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-50609",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50609"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-2664",
"trust": 2.9
},
{
"db": "BID",
"id": "48656",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "45231",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004766",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201107-112",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "104077",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-50609",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "103346",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50609"
},
{
"db": "BID",
"id": "48656"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
},
{
"db": "PACKETSTORM",
"id": "104077"
},
{
"db": "PACKETSTORM",
"id": "103346"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-112"
},
{
"db": "NVD",
"id": "CVE-2011-2664"
}
]
},
"id": "VAR-201107-0226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-50609"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:16:47.619000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sk63565",
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk63565"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2664"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk63565"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/48656"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/45231"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68502"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2664"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2664"
},
{
"trust": 0.4,
"url": "http://www.checkpoint.com"
},
{
"trust": 0.3,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_doshowproductpage\u0026producttab=overview\u0026product=166"
},
{
"trust": 0.1,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026amp;solutionid=sk63565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2664"
},
{
"trust": 0.1,
"url": "http://wadofstuff.blogspot.com"
},
{
"trust": 0.1,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=syyk63565"
},
{
"trust": 0.1,
"url": "http://www.checkpoint.com/products/multi-domain-security-management/index.html"
},
{
"trust": 0.1,
"url": "http://wadofstuff.blogspot.com/2011/08/security-advisory-symlink-following-and.html"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/archive/1/401682"
},
{
"trust": 0.1,
"url": "http://www.checkpoint.com/products/utm-1-edge/index.html"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45231"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45231/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45231/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50609"
},
{
"db": "BID",
"id": "48656"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
},
{
"db": "PACKETSTORM",
"id": "104077"
},
{
"db": "PACKETSTORM",
"id": "103346"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-112"
},
{
"db": "NVD",
"id": "CVE-2011-2664"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-50609"
},
{
"db": "BID",
"id": "48656"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
},
{
"db": "PACKETSTORM",
"id": "104077"
},
{
"db": "PACKETSTORM",
"id": "103346"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-112"
},
{
"db": "NVD",
"id": "CVE-2011-2664"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-50609"
},
{
"date": "2011-07-12T00:00:00",
"db": "BID",
"id": "48656"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004766"
},
{
"date": "2011-08-16T23:23:23",
"db": "PACKETSTORM",
"id": "104077"
},
{
"date": "2011-07-24T06:05:42",
"db": "PACKETSTORM",
"id": "103346"
},
{
"date": "2011-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201107-112"
},
{
"date": "2011-07-08T20:55:00.977000",
"db": "NVD",
"id": "CVE-2011-2664"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-50609"
},
{
"date": "2011-07-12T00:00:00",
"db": "BID",
"id": "48656"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004766"
},
{
"date": "2011-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201107-112"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-2664"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "48656"
},
{
"db": "PACKETSTORM",
"id": "104077"
},
{
"db": "PACKETSTORM",
"id": "103346"
},
{
"db": "CNNVD",
"id": "CNNVD-201107-112"
}
],
"trust": 1.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point Multi-Domain Management / Provider-1 NGX Vulnerable to overwriting arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004766"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201107-112"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.