ID

VAR-200603-0494


CVE

CVE-2006-0964


TITLE

NCP Network Communication Secure Client of Client Firewall Vulnerable to bypassing firewall program execution rules

Trust: 0.8

sources: JVNDB: JVNDB-2006-003894

DESCRIPTION

Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program. NCP Secure Client is susceptible to multiple vulnerabilities. The following issues have been identified: - Firewall rules designed to allow only specific applications to access the network may be bypassed. - Some applications are prone to local command-line-argument buffer-overflow vulnerabilities. - The VPN client is susceptible to a remote denial-of-service vulnerability. - The VPN client is susceptible to a local privilege-escalation vulnerability. These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users. NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected. TITLE: NCP Secure Entry Client Two Vulnerabilities SECUNIA ADVISORY ID: SA19082 VERIFY ADVISORY: http://secunia.com/advisories/19082/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: NCP Secure Entry Client 8.x http://secunia.com/product/8515/ DESCRIPTION: Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure Entry Cilent, which can be exploited by malicious, local users to gain escalated privileges. 1) A design error in the handling of command line options passed to ncpmon.exe can be exploited to bypass the "Configuration Locks" settings and to make certain configuration changes by running ncpmon.exe with a command line argument of more than 261 characters. 2) Insecure permissions in the installation directory can be exploited by malicious users to create files within the directory. This reportedly can be further exploited by creating a "connect.bat" file that will be run with SYSTEM privileges when a VPN connection is established. The vulnerabilities have been reported in version 8.11 Build 146. Other versions may also be affected. SOLUTION: Restrict access to affect systems. PROVIDED AND/OR DISCOVERED BY: Ramon 'ports' Kukla ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2006-0964 // JVNDB: JVNDB-2006-003894 // CNVD: CNVD-2006-1209 // BID: 16906 // PACKETSTORM: 44306

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-1209

AFFECTED PRODUCTS

vendor:ncp networkmodel:secure clientscope:eqversion:8.11_build_146

Trust: 1.6

vendor:ncp networkmodel:secure clientscope:eqversion:8.11 build 146

Trust: 0.8

vendor:securemodel:client ncp network communications 8.11 build 146scope: - version: -

Trust: 0.6

vendor:ncpmodel:network communication secure client buildscope:eqversion:8.11146

Trust: 0.3

sources: CNVD: CNVD-2006-1209 // BID: 16906 // JVNDB: JVNDB-2006-003894 // CNNVD: CNNVD-200603-015 // NVD: CVE-2006-0964

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0964
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-0964
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2006-1209
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200603-015
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-0964
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2006-1209
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-1209 // JVNDB: JVNDB-2006-003894 // CNNVD: CNNVD-200603-015 // NVD: CVE-2006-0964

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0964

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 44306 // CNNVD: CNNVD-200603-015

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200603-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003894

EXTERNAL IDS

db:NVDid:CVE-2006-0964

Trust: 3.0

db:BIDid:16906

Trust: 2.5

db:SECUNIAid:19082

Trust: 1.7

db:JVNDBid:JVNDB-2006-003894

Trust: 0.8

db:CNVDid:CNVD-2006-1209

Trust: 0.6

db:XFid:25242

Trust: 0.6

db:FULLDISCid:20060301 NCP VPN/PKI CLIENT - VARIOUS BUGS

Trust: 0.6

db:BUGTRAQid:20060301 NCP VPN/PKI CLIENT - VARIOUS BUGS

Trust: 0.6

db:CNNVDid:CNNVD-200603-015

Trust: 0.6

db:PACKETSTORMid:44306

Trust: 0.1

sources: CNVD: CNVD-2006-1209 // BID: 16906 // JVNDB: JVNDB-2006-003894 // PACKETSTORM: 44306 // CNNVD: CNNVD-200603-015 // NVD: CVE-2006-0964

REFERENCES

url:http://www.securityfocus.com/bid/16906

Trust: 2.2

url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-march/042640.html

Trust: 1.7

url:http://secunia.com/advisories/19082

Trust: 1.6

url:http://www.securityfocus.com/archive/1/426480/100/0/threaded

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25242

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0964

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0964

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/426480/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/25242

Trust: 0.6

url:http://www.ncp.de/

Trust: 0.3

url:/archive/1/426480

Trust: 0.3

url:http://secunia.com/product/8515/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/19082/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2006-1209 // BID: 16906 // JVNDB: JVNDB-2006-003894 // PACKETSTORM: 44306 // CNNVD: CNNVD-200603-015 // NVD: CVE-2006-0964

CREDITS

Ramon 'ports' Kukla <ml2@portsonline.net> discovered these issues.

Trust: 0.9

sources: BID: 16906 // CNNVD: CNNVD-200603-015

SOURCES

db:CNVDid:CNVD-2006-1209
db:BIDid:16906
db:JVNDBid:JVNDB-2006-003894
db:PACKETSTORMid:44306
db:CNNVDid:CNNVD-200603-015
db:NVDid:CVE-2006-0964

LAST UPDATE DATE

2024-11-23T21:57:43.700000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-1209date:2006-03-02T00:00:00
db:BIDid:16906date:2006-03-06T06:51:00
db:JVNDBid:JVNDB-2006-003894date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200603-015date:2006-03-03T00:00:00
db:NVDid:CVE-2006-0964date:2024-11-21T00:07:44.580

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-1209date:2006-03-02T00:00:00
db:BIDid:16906date:2006-03-01T00:00:00
db:JVNDBid:JVNDB-2006-003894date:2014-03-11T00:00:00
db:PACKETSTORMid:44306date:2006-03-02T21:01:19
db:CNNVDid:CNNVD-200603-015date:2006-03-02T00:00:00
db:NVDid:CVE-2006-0964date:2006-03-02T23:02:00