VAR-200510-0181

Vulnerability from variot - Updated: 2023-12-18 13:49

Webroot Desktop Firewall before 1.3.0 build 52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands.

The first issue is a buffer overflow vulnerability, due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. Local attackers may exploit this first issue to execute arbitrary machine code with SYSTEM privileges. Attackers require the ability to modify the firewall's list of allowed applications.

The second issue is an authentication bypass vulnerability. Local attackers may exploit the second issue to disable the firewall, aiding them in further attacks.

These issues may only be exploited by local attackers with privileges allowing them to utilize 'DeviceIoControl()' to send commands to the firewall driver. These issues are reported to exist in version 1.3.0.43. Other versions may also be affected.

1) A boundary error in PWIWrapper.dll when deleting a program from the list of "allowed" programs can cause a stack-based buffer overflow in FirewallNTService.exe.

Successful exploitation allows non-privileged users to execute arbitrary code with SYSTEM privileges, but requires the ability to add and remove programs from the firewall's permitted application list.

SOLUTION: Update to version 1.3.0 build 52.

PROVIDED AND/OR DISCOVERED BY: Tan Chew Keong, Secunia Research.

ORIGINAL ADVISORY: Webroot: http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332

Secunia Research: http://secunia.com/secunia_research/2005-10/advisory/



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200510-0181",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "desktop firewall",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "webroot",
        "version": "1.3.0_build_43"
      },
      {
        "model": "desktop firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "webroot",
        "version": "1.3.0_build_43"
      },
      {
        "model": "software desktop firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webroot",
        "version": "1.3.0.43"
      },
      {
        "model": "software desktop firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "webroot",
        "version": "1.3.0.52"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:webroot_software:desktop_firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.0_build_43",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3198"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tan Chew Keong of Secunia Research is credited with the discovery of these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2005-3198",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-14407",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3198",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200510-125",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14407",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14407"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands. \nThe first issue is a buffer overflow vulnerability, due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. \nLocal attackers may exploit this first issue to execute arbitrary machine code with SYSTEM privileges. Attackers require the ability to modify the firewall\u0027s list of allowed applications. \nThe second issue is an authentication bypass vulnerability. \nLocal attackers may exploit the second issue to disable the firewall, aiding them in further attacks. \nThese issues may only be exploited by local attackers with privileges allowing them to utilize \u0027DeviceIoControl()\u0027 to send commands to the firewall driver. \nThese issues are reported to exist in version 1.3.0.43. Other versions may also be affected. \n\n1) A boundary error in PWIWrapper.dll when deleting a program from\nthe list of \"allowed\" programs can cause a stack-based buffer\noverflow in FirewallNTService.exe. \n\nSuccessful exploitation allows non-privileged users to execute\narbitrary code with SYSTEM privileges, but requires the the ability\nto add and remove programs from the firewall\u0027s permitted application\nlist. \n\nSOLUTION:\nUpdate to version 1.3.0 build 52. \n\nPROVIDED AND/OR DISCOVERED BY:\nTan Chew Keong, Secunia Research. \n\nORIGINAL ADVISORY:\nWebroot:\nhttp://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2005-10/advisory/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3198"
      },
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14407"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15016",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "15745",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "55",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015012",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2005-1973",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3198",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "19869",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "22530",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20051006 SECUNIA RESEARCH: WEBROOT DESKTOP FIREWALL TWO VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-14407",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "40466",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14407"
      },
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ]
  },
  "id": "VAR-200510-0181",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14407"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:49:55.255000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3198"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://support.webroot.com/ics/support/kbanswer.asp?questionid=2332"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/secunia_research/2005-10/advisory/"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/15745/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/15016"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0129.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/19869"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015012"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/55"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2005/1973"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22530"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2005/1973"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/22530"
      },
      {
        "trust": 0.3,
        "url": "http://www.webroot.com/consumer/products/desktopfirewall/"
      },
      {
        "trust": 0.3,
        "url": "http://support.webroot.com/ics/support/default.asp?deptid=776"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5805/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14407"
      },
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14407"
      },
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-10-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14407"
      },
      {
        "date": "2005-10-06T00:00:00",
        "db": "BID",
        "id": "15016"
      },
      {
        "date": "2005-10-06T16:36:36",
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "date": "2005-10-14T10:02:00",
        "db": "NVD",
        "id": "CVE-2005-3198"
      },
      {
        "date": "2005-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14407"
      },
      {
        "date": "2005-10-06T00:00:00",
        "db": "BID",
        "id": "15016"
      },
      {
        "date": "2017-07-11T01:33:07.547000",
        "db": "NVD",
        "id": "CVE-2005-3198"
      },
      {
        "date": "2006-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "PACKETSTORM",
        "id": "40466"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Webroot Software Desktop Firewall Firewall disable vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "15016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-125"
      }
    ],
    "trust": 0.9
  }
}

