ID

VAR-200608-0326


CVE

CVE-2006-4266


TITLE

Symantec Norton Personal Firewall vulnerability that allows Trojan horse libraries to be provided

Trust: 0.8

sources: JVNDB: JVNDB-2006-003054

DESCRIPTION

Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this.

An attacker may exploit this vulnerability to bypass Norton's registry protection mechanism and modify the 'SuiteOwners' registry entry to load an arbitrary library file. This will likely lead to further attacks. The individual who discovered this issue claims to have tested it on Norton Personal Firewall 2006 version 9.1.0.33. Other versions could also be affected. Norton Internet Security products that include the vulnerable application may also be affected. RETIRED: This BID is being retired; further investigation indicates that the application is not vulnerable to this issue.

Norton protects its own registry keys from manipulation by other applications, but the API functions RegSaveKey and RegRestoreKey can be used to bypass the protection of the registry key HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners. This registry key is also used to store some important information such as NISProd.dll. Malicious applications can use RegSaveKey and RegRestoreKey to modify the value in SuiteOwners, causing Norton to load fake libraries into its process. Malicious code in the fake library can manipulate any Norton component and bypass all security protections.

Trust: 1.98

sources: NVD: CVE-2006-4266 // JVNDB: JVNDB-2006-003054 // BID: 19585 // VULHUB: VHN-20374

AFFECTED PRODUCTS

vendor: symantec, model: norton personal firewall, scope: lte, version: 2006_9.1.0.33

Trust: 1.0

vendor: symantec, model: norton personal firewall, scope: lte, version: 2006 9.1.0.33

Trust: 0.8

vendor: symantec, model: norton personal firewall, scope: eq, version: 2006_9.1.0.33

Trust: 0.6

vendor: symantec, model: norton personal firewall, scope: eq, version: 2006

Trust: 0.3

sources: BID: 19585 // JVNDB: JVNDB-2006-003054 // CNNVD: CNNVD-200608-315 // NVD: CVE-2006-4266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4266
value: LOW

Trust: 1.0

NVD: CVE-2006-4266
value: LOW

Trust: 0.8

CNNVD: CNNVD-200608-315
value: LOW

Trust: 0.6

VULHUB: VHN-20374
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2006-4266
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20374
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-20374 // JVNDB: JVNDB-2006-003054 // CNNVD: CNNVD-200608-315 // NVD: CVE-2006-4266

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4266

THREAT TYPE

local

Trust: 0.9

sources: BID: 19585 // CNNVD: CNNVD-200608-315

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200608-315

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003054

PATCH

title: Norton Personal Firewall, url: http://us.norton.com/now/en/pu/images/Promotions/2012/5804/ch2.html?undefined&s_tnt=48837:19:0

Trust: 0.8

sources: JVNDB: JVNDB-2006-003054

EXTERNAL IDS

db: NVD, id: CVE-2006-4266

Trust: 2.8

db: BID, id: 19585

Trust: 2.0

db: SREASON, id: 1428

Trust: 1.7

db: JVNDB, id: JVNDB-2006-003054

Trust: 0.8

db: CNNVD, id: CNNVD-200608-315

Trust: 0.7

db: BUGTRAQ, id: 20060818 NORTON DLL FAKING VIA 'SUITEOWNERS' PROTECTION BYPASS VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-20374

Trust: 0.1

sources: VULHUB: VHN-20374 // BID: 19585 // JVNDB: JVNDB-2006-003054 // CNNVD: CNNVD-200608-315 // NVD: CVE-2006-4266

REFERENCES

url: http://www.securityfocus.com/bid/19585

Trust: 1.7

url: http://www.matousec.com/info/advisories/norton-dll-faking-via-suiteowners-protection-bypass.php

Trust: 1.7

url: http://securityreason.com/securityalert/1428

Trust: 1.7

url: http://www.securityfocus.com/archive/1/443632/100/0/threaded

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4266

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4266

Trust: 0.8

url: http://www.securityfocus.com/archive/1/archive/1/443632/100/0/threaded

Trust: 0.6

url: http://www.symantec.com

Trust: 0.3

url: /archive/1/443632

Trust: 0.3

sources: VULHUB: VHN-20374 // BID: 19585 // JVNDB: JVNDB-2006-003054 // CNNVD: CNNVD-200608-315 // NVD: CVE-2006-4266

CREDITS

David Matousek david@matousec.com

Trust: 0.6

sources: CNNVD: CNNVD-200608-315

SOURCES

db: VULHUB, id: VHN-20374
db: BID, id: 19585
db: JVNDB, id: JVNDB-2006-003054
db: CNNVD, id: CNNVD-200608-315
db: NVD, id: CVE-2006-4266

LAST UPDATE DATE

2024-08-14T13:39:39.571000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-20374, date: 2018-10-17T00:00:00
db: BID, id: 19585, date: 2007-07-13T18:36:00
db: JVNDB, id: JVNDB-2006-003054, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200608-315, date: 2006-08-26T00:00:00
db: NVD, id: CVE-2006-4266, date: 2018-10-17T21:34:19.457

SOURCES RELEASE DATE

db: VULHUB, id: VHN-20374, date: 2006-08-21T00:00:00
db: BID, id: 19585, date: 2006-08-18T00:00:00
db: JVNDB, id: JVNDB-2006-003054, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200608-315, date: 2006-08-21T00:00:00
db: NVD, id: CVE-2006-4266, date: 2006-08-21T21:04:00