Details of VAR-200412-0550

ID

VAR-200412-0550

CVE

CVE-2004-2329

TITLE

Kerio Personal Firewall Local Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 9525 // CNNVD: CNNVD-200412-965

DESCRIPTION

Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. Kerio Personal Firewall 2.1.5 has been reported to be prone to this issue, however, other versions could be affected as well. Kerio Personal Firewall is a personal firewall

Trust: 1.26

sources: NVD: CVE-2004-2329 // BID: 9525 // VULHUB: VHN-10757

AFFECTED PRODUCTS

vendor:	kerio	model:	personal firewall	scope:	eq	version:	2.1.5	Trust: 1.6
vendor:	kerio	model:	personal firewall	scope:	eq	version:	22.1.5	Trust: 0.3

sources: BID: 9525 // CNNVD: CNNVD-200412-965 // NVD: CVE-2004-2329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2329
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-965
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10757
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-2329
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10757
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10757 // CNNVD: CNNVD-200412-965 // NVD: CVE-2004-2329

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2329

THREAT TYPE

local

Trust: 0.9

sources: BID: 9525 // CNNVD: CNNVD-200412-965

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200412-965

EXTERNAL IDS

db:	BID	id:	9525	Trust: 2.0
db:	NVD	id:	CVE-2004-2329	Trust: 1.7
db:	SECUNIA	id:	10746	Trust: 1.7
db:	OSVDB	id:	3748	Trust: 1.7
db:	SECTRACK	id:	1008870	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-965	Trust: 0.7
db:	XF	id:	14981	Trust: 0.6
db:	NSFOCUS	id:	5983	Trust: 0.6
db:	VULHUB	id:	VHN-10757	Trust: 0.1

sources: VULHUB: VHN-10757 // BID: 9525 // CNNVD: CNNVD-200412-965 // NVD: CVE-2004-2329

REFERENCES

url:	http://www.tuneld.com/news/?id=30	Trust: 2.0
url:	http://www.securityfocus.com/bid/9525	Trust: 1.7
url:	http://www.tuneld.com/_images/other/kpf_system_privileges.png	Trust: 1.7
url:	http://www.osvdb.org/3748	Trust: 1.7
url:	http://www.securitytracker.com/alerts/2004/jan/1008870.html	Trust: 1.7
url:	http://secunia.com/advisories/10746/	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/14981	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/14981	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/5983	Trust: 0.6
url:	http://www.kerio.com	Trust: 0.3

sources: VULHUB: VHN-10757 // BID: 9525 // CNNVD: CNNVD-200412-965 // NVD: CVE-2004-2329

CREDITS

Johan Tuneld

Trust: 0.6

sources: CNNVD: CNNVD-200412-965

SOURCES

db:	VULHUB	id:	VHN-10757
db:	BID	id:	9525
db:	CNNVD	id:	CNNVD-200412-965
db:	NVD	id:	CVE-2004-2329

LAST UPDATE DATE

2024-08-14T15:36:06.653000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10757	date:	2017-07-11T00:00:00
db:	BID	id:	9525	date:	2004-01-29T00:00:00
db:	CNNVD	id:	CNNVD-200412-965	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-2329	date:	2017-07-11T01:31:48.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10757	date:	2004-12-31T00:00:00
db:	BID	id:	9525	date:	2004-01-29T00:00:00
db:	CNNVD	id:	CNNVD-200412-965	date:	2004-01-29T00:00:00
db:	NVD	id:	CVE-2004-2329	date:	2004-12-31T05:00:00