Details of VAR-200603-0486

ID

VAR-200603-0486

CVE

CVE-2006-0956

TITLE

NuFW nuauth Remotely TLS Connection Processing Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200603-006

DESCRIPTION

nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server. NuFW is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle excessive authentication requests. This issue results in the 'nuauth' module failing to respond to new authentication requests, denying service to further users. NuFW versions prior to 1.0.21 are affected by this issue

Trust: 1.26

sources: NVD: CVE-2006-0956 // BID: 16868 // VULHUB: VHN-17064

AFFECTED PRODUCTS

vendor:	nufw	model:	firewall	scope:	eq	version:	1.0.20	Trust: 1.6
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.20	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.19	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.18	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.17	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.16	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.15	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.14	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.13	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.12	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	eq	version:	1.0.11	Trust: 0.3
vendor:	nufw	model:	nufw	scope:	ne	version:	1.0.21	Trust: 0.3

sources: BID: 16868 // CNNVD: CNNVD-200603-006 // NVD: CVE-2006-0956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0956
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200603-006
value:	LOW
Trust: 0.6
VULHUB:	VHN-17064
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2006-0956
severity:	LOW
baseScore:	1.7
vectorString:	AV:L/AC:L/AU:S/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-17064
severity:	LOW
baseScore:	1.7
vectorString:	AV:L/AC:L/AU:S/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-17064 // CNNVD: CNNVD-200603-006 // NVD: CVE-2006-0956

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0956

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200603-006

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200603-006

EXTERNAL IDS

db:	BID	id:	16868	Trust: 2.0
db:	NVD	id:	CVE-2006-0956	Trust: 1.7
db:	VUPEN	id:	ADV-2006-0762	Trust: 1.7
db:	SECUNIA	id:	19046	Trust: 1.7
db:	CNNVD	id:	CNNVD-200603-006	Trust: 0.6
db:	VULHUB	id:	VHN-17064	Trust: 0.1

sources: VULHUB: VHN-17064 // BID: 16868 // CNNVD: CNNVD-200603-006 // NVD: CVE-2006-0956

REFERENCES

url:	http://www.nufw.org/+nufw-1-21-minor-security-fix+.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/16868	Trust: 1.7
url:	http://secunia.com/advisories/19046	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/0762	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2006/0762	Trust: 0.6
url:	http://www.nufw.org/	Trust: 0.3

sources: VULHUB: VHN-17064 // BID: 16868 // CNNVD: CNNVD-200603-006 // NVD: CVE-2006-0956

CREDITS

The vendor disclosed this issue.

Trust: 0.9

sources: BID: 16868 // CNNVD: CNNVD-200603-006

SOURCES

db:	VULHUB	id:	VHN-17064
db:	BID	id:	16868
db:	CNNVD	id:	CNNVD-200603-006
db:	NVD	id:	CVE-2006-0956

LAST UPDATE DATE

2024-08-14T15:31:03.979000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-17064	date:	2011-03-08T00:00:00
db:	BID	id:	16868	date:	2006-03-03T06:11:00
db:	CNNVD	id:	CNNVD-200603-006	date:	2006-03-03T00:00:00
db:	NVD	id:	CVE-2006-0956	date:	2011-03-08T02:31:26.173

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-17064	date:	2006-03-02T00:00:00
db:	BID	id:	16868	date:	2006-02-28T00:00:00
db:	CNNVD	id:	CNNVD-200603-006	date:	2006-03-02T00:00:00
db:	NVD	id:	CVE-2006-0956	date:	2006-03-02T23:02:00