var-200612-0209
Vulnerability from variot
Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected: InfoProcess AntiHook version 3.0.0.23 AVG Anti-Virus plus Firewall version 7.5.431 Comodo Personal Firewall version 2.3.6.81 Filseclab Personal Firewall version 3.0.0.8686 Look 'n' Stop Personal Firewall version 2.05p2 Symantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Remote attackers can use spoofed processes to bypass the control of security checks. Including (1) image directory name, (2) command line, and (3) WINDOWS header text in PEB
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200612-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sygate personal firewall",
"scope": "eq",
"trust": 2.7,
"vendor": "symantec",
"version": "5.6.2808"
},
{
"model": "antihook",
"scope": "eq",
"trust": 1.3,
"vendor": "infoprocess",
"version": "3.0.23"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "filseclab",
"version": "3.0.8686"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "comodo",
"version": "2.3.6.81"
},
{
"model": "look n stop",
"scope": "eq",
"trust": 1.0,
"vendor": "soft4ever",
"version": "2.05p2"
},
{
"model": "antivirus plus firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "avg",
"version": "7.5.431"
},
{
"model": "\u0027n\u0027 stop look \u0027n\u0027 stop 2.05p2",
"scope": null,
"trust": 0.3,
"vendor": "look",
"version": null
},
{
"model": "anti-virus plus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "7.5.431"
}
],
"sources": [
{
"db": "BID",
"id": "21615"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-397"
},
{
"db": "NVD",
"id": "CVE-2006-6623"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:symantec:sygate_personal_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matousec http://www.matousec.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-397"
}
],
"trust": 0.6
},
"cve": "CVE-2006-6623",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2006-6623",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-22731",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-6623",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-6623",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200612-397",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-22731",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22731"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-397"
},
{
"db": "NVD",
"id": "CVE-2006-6623"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. \nAn attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim\u0027s computer. \nThe following software is vulnerable; other versions may also be affected:\nInfoProcess AntiHook version 3.0.0.23\nAVG Anti-Virus plus Firewall version 7.5.431\nComodo Personal Firewall version 2.3.6.81\nFilseclab Personal Firewall version 3.0.0.8686\nLook \u0027n\u0027 Stop Personal Firewall version 2.05p2\nSymantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Remote attackers can use spoofed processes to bypass the control of security checks. Including (1) image directory name, (2) command line, and (3) WINDOWS header text in PEB",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6623"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
},
{
"db": "BID",
"id": "21615"
},
{
"db": "VULHUB",
"id": "VHN-22731"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6623",
"trust": 2.5
},
{
"db": "BID",
"id": "21615",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001773",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200612-397",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-22731",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22731"
},
{
"db": "BID",
"id": "21615"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-397"
},
{
"db": "NVD",
"id": "CVE-2006-6623"
}
]
},
"id": "VAR-200612-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-22731"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:04:09.009000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.symantec.com/index.jsp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6623"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/21615"
},
{
"trust": 1.7,
"url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
},
{
"trust": 1.7,
"url": "http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6623"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6623"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.infoprocess.com.au/antihook.php"
},
{
"trust": 0.3,
"url": "http://www.grisoft.com/"
},
{
"trust": 0.3,
"url": "http://www.comodo.com/"
},
{
"trust": 0.3,
"url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm\u0026ei=d_6crfdcapuwnqptjcb_\u0026usg=__uqizxyyvwb4dlpaaogel8nftkja=\u0026sig2=riufvoqmxrfqyl4h1bsrzq"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.looknstop.com%2f\u0026ei=m_6crfl8n6cunqp5wef7\u0026usg=__ufqwvzzztduykujwzxq2euu_xna=\u0026sig2=1vrohasxv2wrxkwcut7fua"
},
{
"trust": 0.3,
"url": "/archive/1/454522"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22731"
},
{
"db": "BID",
"id": "21615"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-397"
},
{
"db": "NVD",
"id": "CVE-2006-6623"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-22731"
},
{
"db": "BID",
"id": "21615"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-397"
},
{
"db": "NVD",
"id": "CVE-2006-6623"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-22731"
},
{
"date": "2006-12-15T00:00:00",
"db": "BID",
"id": "21615"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001773"
},
{
"date": "2006-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-397"
},
{
"date": "2006-12-18T11:28:00",
"db": "NVD",
"id": "CVE-2006-6623"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-22731"
},
{
"date": "2006-12-15T21:18:00",
"db": "BID",
"id": "21615"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001773"
},
{
"date": "2007-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-397"
},
{
"date": "2024-11-21T00:23:13.407000",
"db": "NVD",
"id": "CVE-2006-6623"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "21615"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-397"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sygate Personal Firewall Vulnerability that bypasses ongoing product control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001773"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-397"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…