Details of VAR-200601-0135

ID

VAR-200601-0135

CVE

CVE-2006-0255

TITLE

Check Point VPN-1 SecureClient Path Specification Local Privilege Upgrade Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200601-167

DESCRIPTION

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed. The application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges. Specific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed

Trust: 1.26

sources: NVD: CVE-2006-0255 // BID: 16290 // VULHUB: VHN-16363

AFFECTED PRODUCTS

vendor:	checkpoint	model:	vpn-1	scope:	eq	version:	4.1	Trust: 1.6
vendor:	checkpoint	model:	vpn-1	scope:	eq	version:	*	Trust: 1.0
vendor:	checkpoint	model:	vpn-1	scope:	eq	version:	fp1	Trust: 0.6
vendor:	check	model:	point software vpn-1 sp6	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp5a	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp5	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 fp1	scope:	-	version:	-	Trust: 0.3

sources: BID: 16290 // CNNVD: CNNVD-200601-167 // NVD: CVE-2006-0255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0255
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200601-167
value:	HIGH
Trust: 0.6
VULHUB:	VHN-16363
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-0255
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-16363
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-16363 // CNNVD: CNNVD-200601-167 // NVD: CVE-2006-0255

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0255

THREAT TYPE

local

Trust: 0.9

sources: BID: 16290 // CNNVD: CNNVD-200601-167

TYPE

Design Error

Trust: 0.9

sources: BID: 16290 // CNNVD: CNNVD-200601-167

EXTERNAL IDS

db:	BID	id:	16290	Trust: 2.0
db:	NVD	id:	CVE-2006-0255	Trust: 1.7
db:	VUPEN	id:	ADV-2006-0258	Trust: 1.7
db:	CNNVD	id:	CNNVD-200601-167	Trust: 0.7
db:	BUGTRAQ	id:	20060117 [ TZO-012006 ] CHECKPOINT VPN-1 SECURECLIENT INSECURE USAGE OF CREATEPROCESS()	Trust: 0.6
db:	VULHUB	id:	VHN-16363	Trust: 0.1

sources: VULHUB: VHN-16363 // BID: 16290 // CNNVD: CNNVD-200601-167 // NVD: CVE-2006-0255

REFERENCES

url:	http://www.securityfocus.com/bid/16290	Trust: 1.7
url:	http://secdev.zoller.lu/research/checkpoint.txt	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/422263/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/0258	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/422263/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/0258	Trust: 0.6
url:	http://www.checkpoint.com/products/vpn-1_clients/index.html	Trust: 0.3
url:	/archive/1/422263	Trust: 0.3
url:	-	Trust: 0.1

sources: VULHUB: VHN-16363 // BID: 16290 // CNNVD: CNNVD-200601-167 // NVD: CVE-2006-0255

CREDITS

Thierry Zoller

Trust: 0.6

sources: CNNVD: CNNVD-200601-167

SOURCES

db:	VULHUB	id:	VHN-16363
db:	BID	id:	16290
db:	CNNVD	id:	CNNVD-200601-167
db:	NVD	id:	CVE-2006-0255

LAST UPDATE DATE

2024-08-14T13:50:54.413000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-16363	date:	2018-10-19T00:00:00
db:	BID	id:	16290	date:	2006-01-17T00:00:00
db:	CNNVD	id:	CNNVD-200601-167	date:	2006-02-03T00:00:00
db:	NVD	id:	CVE-2006-0255	date:	2018-10-19T15:43:35.437

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-16363	date:	2006-01-18T00:00:00
db:	BID	id:	16290	date:	2006-01-17T00:00:00
db:	CNNVD	id:	CNNVD-200601-167	date:	2006-01-17T00:00:00
db:	NVD	id:	CVE-2006-0255	date:	2006-01-18T01:51:00