Details of VAR-200412-0822

ID

VAR-200412-0822

CVE

CVE-2004-2554

TITLE

Agnitum Outpost Firewall Local Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 9441 // CNNVD: CNNVD-200412-485

DESCRIPTION

Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges. When Outpost Firewall is in use, the desktop console runs with SYSTEM privileges. It has been reported that it is possible for attackers with desktop access to elevate to these privileges through access validation errors. There are allegedly two instances where the console invokes, without dropping privileges first, commands or programs not under its control that can be hijacked by malicious users. Novell Client Firewall version 2.0 has been reported to be affected by these issues as well. Novell Client Firewall is based on Agnitum Outpost firewall. The software provides comprehensive security protection when users surf the web

Trust: 1.26

sources: NVD: CVE-2004-2554 // BID: 9441 // VULHUB: VHN-10982

AFFECTED PRODUCTS

vendor:	novell	model:	client firewall	scope:	eq	version:	2.0	Trust: 1.9
vendor:	agnitum	model:	outpost firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	agnitum	model:	outpost firewall	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 9441 // CNNVD: CNNVD-200412-485 // NVD: CVE-2004-2554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2554
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-485
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10982
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-2554
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10982
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10982 // CNNVD: CNNVD-200412-485 // NVD: CVE-2004-2554

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2554

THREAT TYPE

local

Trust: 0.9

sources: BID: 9441 // CNNVD: CNNVD-200412-485

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200412-485

EXTERNAL IDS

db:	BID	id:	9441	Trust: 2.0
db:	NVD	id:	CVE-2004-2554	Trust: 2.0
db:	OSVDB	id:	4120	Trust: 1.7
db:	SECUNIA	id:	11014	Trust: 1.7
db:	SECTRACK	id:	1008755	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-485	Trust: 0.7
db:	XF	id:	15367	Trust: 0.6
db:	CIAC	id:	O-090	Trust: 0.6
db:	NSFOCUS	id:	6127	Trust: 0.6
db:	VULHUB	id:	VHN-10982	Trust: 0.1

sources: VULHUB: VHN-10982 // BID: 9441 // CNNVD: CNNVD-200412-485 // NVD: CVE-2004-2554

REFERENCES

url:	http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm	Trust: 2.0
url:	http://www.securityfocus.com/bid/9441	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/o-090.shtml	Trust: 1.7
url:	http://www.osvdb.org/4120	Trust: 1.7
url:	http://securitytracker.com/id?1008755	Trust: 1.7
url:	http://secunia.com/advisories/11014	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15367	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/15367	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6127	Trust: 0.6
url:	http://support.novell.com	Trust: 0.3

sources: VULHUB: VHN-10982 // BID: 9441 // CNNVD: CNNVD-200412-485 // NVD: CVE-2004-2554

CREDITS

KF dotslash@snosoft.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-485

SOURCES

db:	VULHUB	id:	VHN-10982
db:	BID	id:	9441
db:	CNNVD	id:	CNNVD-200412-485
db:	NVD	id:	CVE-2004-2554

LAST UPDATE DATE

2024-08-14T15:25:42.338000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10982	date:	2017-07-11T00:00:00
db:	BID	id:	9441	date:	2004-01-18T00:00:00
db:	CNNVD	id:	CNNVD-200412-485	date:	2005-12-12T00:00:00
db:	NVD	id:	CVE-2004-2554	date:	2017-07-11T01:32:00.357

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10982	date:	2004-12-31T00:00:00
db:	BID	id:	9441	date:	2004-01-18T00:00:00
db:	CNNVD	id:	CNNVD-200412-485	date:	2004-01-18T00:00:00
db:	NVD	id:	CVE-2004-2554	date:	2004-12-31T05:00:00