ID

VAR-200601-0135


CVE

CVE-2006-0255


TITLE

Check Point VPN-1 SecureClient Path Specification Local Privilege Upgrade Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200601-167

DESCRIPTION

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C:\ folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed. The application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges. Specific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed.

Trust: 1.26

sources: NVD: CVE-2006-0255 // BID: 16290 // VULHUB: VHN-16363

AFFECTED PRODUCTS

vendor: checkpoint // model: vpn-1 // scope: eq // version: 4.1

Trust: 1.6

vendor: checkpoint // model: vpn-1 // scope: eq // version: *

Trust: 1.0

vendor: checkpoint // model: vpn-1 // scope: eq // version: fp1

Trust: 0.6

vendor: check // model: point software vpn-1 sp6 // scope: eq // version: 4.1

Trust: 0.3

vendor: check // model: point software vpn-1 sp5a // scope: eq // version: 4.1

Trust: 0.3

vendor: check // model: point software vpn-1 sp5 // scope: eq // version: 4.1

Trust: 0.3

vendor: check // model: point software vpn-1 sp4 // scope: eq // version: 4.1

Trust: 0.3

vendor: check // model: point software vpn-1 sp3 // scope: eq // version: 4.1

Trust: 0.3

vendor: check // model: point software vpn-1 sp2 // scope: eq // version: 4.1

Trust: 0.3

vendor: check // model: point software vpn-1 sp1 // scope: eq // version: 4.1

Trust: 0.3

vendor: check // model: point software vpn-1 // scope: eq // version: 4.1

Trust: 0.3

vendor: check // model: point software vpn-1 fp1 // scope: - // version: -

Trust: 0.3

sources: BID: 16290 // CNNVD: CNNVD-200601-167 // NVD: CVE-2006-0255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0255
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200601-167
value: HIGH

Trust: 0.6

VULHUB: VHN-16363
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0255
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16363
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16363 // CNNVD: CNNVD-200601-167 // NVD: CVE-2006-0255

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0255

THREAT TYPE

local

Trust: 0.9

sources: BID: 16290 // CNNVD: CNNVD-200601-167

TYPE

Design Error

Trust: 0.9

sources: BID: 16290 // CNNVD: CNNVD-200601-167

EXTERNAL IDS

db: BID // id: 16290

Trust: 2.0

db: NVD // id: CVE-2006-0255

Trust: 1.7

db: VUPEN // id: ADV-2006-0258

Trust: 1.7

db: CNNVD // id: CNNVD-200601-167

Trust: 0.7

db: BUGTRAQ // id: 20060117 [ TZO-012006 ] CHECKPOINT VPN-1 SECURECLIENT INSECURE USAGE OF CREATEPROCESS()

Trust: 0.6

db: VULHUB // id: VHN-16363

Trust: 0.1

sources: VULHUB: VHN-16363 // BID: 16290 // CNNVD: CNNVD-200601-167 // NVD: CVE-2006-0255

REFERENCES

url:http://www.securityfocus.com/bid/16290

Trust: 1.7

url:http://secdev.zoller.lu/research/checkpoint.txt

Trust: 1.7

url:http://www.securityfocus.com/archive/1/422263/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/0258

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/422263/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0258

Trust: 0.6

url:http://www.checkpoint.com/products/vpn-1_clients/index.html

Trust: 0.3

url:/archive/1/422263

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-16363 // BID: 16290 // CNNVD: CNNVD-200601-167 // NVD: CVE-2006-0255

CREDITS

Thierry Zoller

Trust: 0.6

sources: CNNVD: CNNVD-200601-167

SOURCES

db: VULHUB // id: VHN-16363
db: BID // id: 16290
db: CNNVD // id: CNNVD-200601-167
db: NVD // id: CVE-2006-0255

LAST UPDATE DATE

2024-08-14T13:50:54.413000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-16363 // date: 2018-10-19T00:00:00
db: BID // id: 16290 // date: 2006-01-17T00:00:00
db: CNNVD // id: CNNVD-200601-167 // date: 2006-02-03T00:00:00
db: NVD // id: CVE-2006-0255 // date: 2018-10-19T15:43:35.437

SOURCES RELEASE DATE

db: VULHUB // id: VHN-16363 // date: 2006-01-18T00:00:00
db: BID // id: 16290 // date: 2006-01-17T00:00:00
db: CNNVD // id: CNNVD-200601-167 // date: 2006-01-17T00:00:00
db: NVD // id: CVE-2006-0255 // date: 2006-01-18T01:51:00