ID

VAR-200307-0036


CVE

CVE-2003-0393


TITLE

Privatefirewall FIN/XMas Scanning communication processing vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200307-006

DESCRIPTION

Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or "Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans. It has been reported that Privatefirewall does not properly handle TCP traffic with certain flag settings. This may allow an attacker to circumvent firewall filtering. Privatefirewall is a firewall software package that integrates a personal firewall and an intrusion detection system. Privatefirewall does not properly handle some specially marked packets. Remote attackers can exploit this vulnerability to bypass filtering restrictions and access protected resources. The filtering rules of Privatefirewall cannot detect FIN and Xmas scans, and attackers can use scanning tools such as Nmap to scan protected resources and obtain sensitive information.

Trust: 1.26

sources: NVD: CVE-2003-0393 // BID: 7700 // VULHUB: VHN-7221

AFFECTED PRODUCTS

vendor: privacyware
model: privatefirewall
scope: eq
version: 3.0

Trust: 1.9

sources: BID: 7700 // CNNVD: CNNVD-200307-006 // NVD: CVE-2003-0393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0393
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200307-006
value: MEDIUM

Trust: 0.6

VULHUB: VHN-7221
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-0393
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7221
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7221 // CNNVD: CNNVD-200307-006 // NVD: CVE-2003-0393

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200307-006

TYPE

Design Error

Trust: 0.9

sources: BID: 7700 // CNNVD: CNNVD-200307-006

EXTERNAL IDS

db: BID, id: 7700

Trust: 2.0

db: NVD, id: CVE-2003-0393

Trust: 2.0

db: CNNVD, id: CNNVD-200307-006

Trust: 0.7

db: BUGTRAQ, id: 20030524 SOME PROBLEMS IN PRIVATEFIREWALL 3.0

Trust: 0.6

db: VULHUB, id: VHN-7221

Trust: 0.1

sources: VULHUB: VHN-7221 // BID: 7700 // CNNVD: CNNVD-200307-006 // NVD: CVE-2003-0393

REFERENCES

url: http://www.securityfocus.com/bid/7700

Trust: 1.7

url: http://marc.info/?l=bugtraq&m=105380229532320&w=2

Trust: 1.0

url: http://marc.theaimsgroup.com/?l=bugtraq&m=105380229532320&w=2

Trust: 0.6

url: http://www.privacyware.com/index_pf.html

Trust: 0.3

url: /archive/1/322530

Trust: 0.3

url: http://marc.info/?l=bugtraq&m=105380229532320&w=2

Trust: 0.1

sources: VULHUB: VHN-7221 // BID: 7700 // CNNVD: CNNVD-200307-006 // NVD: CVE-2003-0393

CREDITS

UkR-XblP (cuctema@ok.ru)

Trust: 0.6

sources: CNNVD: CNNVD-200307-006

SOURCES

db: VULHUB, id: VHN-7221
db: BID, id: 7700
db: CNNVD, id: CNNVD-200307-006
db: NVD, id: CVE-2003-0393

LAST UPDATE DATE

2024-08-14T14:59:27.238000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-7221, date: 2016-10-18T00:00:00
db: BID, id: 7700, date: 2009-07-11T22:06:00
db: CNNVD, id: CNNVD-200307-006, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2003-0393, date: 2016-10-18T02:33:18.623

SOURCES RELEASE DATE

db: VULHUB, id: VHN-7221, date: 2003-07-02T00:00:00
db: BID, id: 7700, date: 2003-05-24T00:00:00
db: CNNVD, id: CNNVD-200307-006, date: 2003-05-26T00:00:00
db: NVD, id: CVE-2003-0393, date: 2003-07-02T04:00:00