Details of VAR-200510-0181

ID

VAR-200510-0181

CVE

CVE-2005-3198

TITLE

Webroot Software Desktop Firewall Firewall disable vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200510-125

DESCRIPTION

Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands. The first issue is a buffer overflow vulnerability, due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. Local attackers may exploit this first issue to execute arbitrary machine code with SYSTEM privileges. Attackers require the ability to modify the firewall's list of allowed applications. The second issue is an authentication bypass vulnerability. Local attackers may exploit the second issue to disable the firewall, aiding them in further attacks. These issues may only be exploited by local attackers with privileges allowing them to utilize 'DeviceIoControl()' to send commands to the firewall driver. These issues are reported to exist in version 1.3.0.43. Other versions may also be affected. 1) A boundary error in PWIWrapper.dll when deleting a program from the list of "allowed" programs can cause a stack-based buffer overflow in FirewallNTService.exe. Successful exploitation allows non-privileged users to execute arbitrary code with SYSTEM privileges, but requires the the ability to add and remove programs from the firewall's permitted application list. SOLUTION: Update to version 1.3.0 build 52. PROVIDED AND/OR DISCOVERED BY: Tan Chew Keong, Secunia Research. ORIGINAL ADVISORY: Webroot: http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332 Secunia Research: http://secunia.com/secunia_research/2005-10/advisory/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-3198 // BID: 15016 // VULHUB: VHN-14407 // PACKETSTORM: 40466

AFFECTED PRODUCTS

vendor:	webroot	model:	desktop firewall	scope:	lte	version:	1.3.0_build_43	Trust: 1.0
vendor:	webroot	model:	desktop firewall	scope:	eq	version:	1.3.0_build_43	Trust: 0.6
vendor:	webroot	model:	software desktop firewall	scope:	eq	version:	1.3.0.43	Trust: 0.3
vendor:	webroot	model:	software desktop firewall	scope:	ne	version:	1.3.0.52	Trust: 0.3

sources: BID: 15016 // CNNVD: CNNVD-200510-125 // NVD: CVE-2005-3198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3198
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200510-125
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-14407
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-3198
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14407
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-14407 // CNNVD: CNNVD-200510-125 // NVD: CVE-2005-3198

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3198

THREAT TYPE

local

Trust: 1.0

sources: BID: 15016 // PACKETSTORM: 40466 // CNNVD: CNNVD-200510-125

TYPE

Design Error

Trust: 0.9

sources: BID: 15016 // CNNVD: CNNVD-200510-125

EXTERNAL IDS

db:	BID	id:	15016	Trust: 2.0
db:	SECUNIA	id:	15745	Trust: 1.8
db:	SREASON	id:	55	Trust: 1.7
db:	SECTRACK	id:	1015012	Trust: 1.7
db:	VUPEN	id:	ADV-2005-1973	Trust: 1.7
db:	NVD	id:	CVE-2005-3198	Trust: 1.7
db:	OSVDB	id:	19869	Trust: 1.7
db:	CNNVD	id:	CNNVD-200510-125	Trust: 0.7
db:	XF	id:	22530	Trust: 0.6
db:	FULLDISC	id:	20051006 SECUNIA RESEARCH: WEBROOT DESKTOP FIREWALL TWO VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-14407	Trust: 0.1
db:	PACKETSTORM	id:	40466	Trust: 0.1

sources: VULHUB: VHN-14407 // BID: 15016 // PACKETSTORM: 40466 // CNNVD: CNNVD-200510-125 // NVD: CVE-2005-3198

REFERENCES

url:	http://support.webroot.com/ics/support/kbanswer.asp?questionid=2332	Trust: 1.8
url:	http://secunia.com/secunia_research/2005-10/advisory/	Trust: 1.8
url:	http://secunia.com/advisories/15745/	Trust: 1.8
url:	http://www.securityfocus.com/bid/15016	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0129.html	Trust: 1.7
url:	http://www.osvdb.org/19869	Trust: 1.7
url:	http://securitytracker.com/id?1015012	Trust: 1.7
url:	http://securityreason.com/securityalert/55	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2005/1973	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/22530	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2005/1973	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/22530	Trust: 0.6
url:	http://www.webroot.com/consumer/products/desktopfirewall/	Trust: 0.3
url:	http://support.webroot.com/ics/support/default.asp?deptid=776	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/5805/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-14407 // BID: 15016 // PACKETSTORM: 40466 // CNNVD: CNNVD-200510-125 // NVD: CVE-2005-3198

CREDITS

Tan Chew Keong of Secunia Research is credited with the discovery of these issues.

Trust: 0.9

sources: BID: 15016 // CNNVD: CNNVD-200510-125

SOURCES

db:	VULHUB	id:	VHN-14407
db:	BID	id:	15016
db:	PACKETSTORM	id:	40466
db:	CNNVD	id:	CNNVD-200510-125
db:	NVD	id:	CVE-2005-3198

LAST UPDATE DATE

2024-08-14T15:09:47.050000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-14407	date:	2017-07-11T00:00:00
db:	BID	id:	15016	date:	2005-10-06T00:00:00
db:	CNNVD	id:	CNNVD-200510-125	date:	2006-08-31T00:00:00
db:	NVD	id:	CVE-2005-3198	date:	2017-07-11T01:33:07.547

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-14407	date:	2005-10-14T00:00:00
db:	BID	id:	15016	date:	2005-10-06T00:00:00
db:	PACKETSTORM	id:	40466	date:	2005-10-06T16:36:36
db:	CNNVD	id:	CNNVD-200510-125	date:	2005-10-14T00:00:00
db:	NVD	id:	CVE-2005-3198	date:	2005-10-14T10:02:00