CVE-2005-2145 - The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows

CVE-2005-2145

Summary

The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message.

References

http://secunia.com/advisories/15885
http://securitytracker.com/id?1014346

Vulnerable Configurations

cpe:2.3:a:prevx:prevx_pro_2005:1.0:*:*:*:*:*:*:*
cpe:2.3:a:prevx:prevx_pro_2005:1.0:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 05-09-2008 - 20:51)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

sectrack	1014346
secunia	15885

Last major update

05-09-2008 - 20:51

Published

05-07-2005 - 04:00

Last modified

05-09-2008 - 20:51