Details of VAR-200610-0005

ID

VAR-200610-0005

CVE

CVE-2006-3455

TITLE

Symantec AntiVirus Corporate Edition Used in etc. SAVRT.SYS Vulnerability to execute arbitrary code in device driver

Trust: 0.8

sources: JVNDB: JVNDB-2006-002729

DESCRIPTION

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. Symantec AntiVirus and Symantec Client Security are prone to a privilege-escalation vulnerability. Local attackers can exploit this issue to corrupt memory and execute arbitrary code with kernel-level privileges. Successful exploits may facilitate a complete system compromise. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. The vulnerability is caused due to an improper validation of the output buffer address space of a "DeviceIOControl()" call in the SAVRT.SYS device driver. PROVIDED AND/OR DISCOVERED BY: The vendor credits Boon Seng Lim. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/avcenter/security/Content/2006.10.23.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-3455 // JVNDB: JVNDB-2006-002729 // BID: 20684 // VULHUB: VHN-19563 // PACKETSTORM: 51254

AFFECTED PRODUCTS

vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0.1.1000	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.1.366	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0.1.1.1000	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0.2.1000	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.1.377	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0.1	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.1_build8.1.1.314a	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.1.329	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	9.0.2	Trust: 1.6
vendor:	symantec	model:	client security	scope:	eq	version:	1.1	Trust: 1.3
vendor:	symantec	model:	client security	scope:	eq	version:	1.1.1	Trust: 1.3
vendor:	symantec	model:	client security	scope:	eq	version:	2.0	Trust: 1.3
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.1.323	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.1.319	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0_scf_7.1	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0.3_build_9.0.3.1000	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1_stm_b8.1.0.825a	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.01.464	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1.1_mr6_b8.1.1.266	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.1_build393	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.01.471	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0.2_build_9.0.2.1000	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.01.437	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1.1_build_393	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1.1_mr2_build_8.1.1.319	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.01.434	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1.1_mr5_build_8.1.1.336	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.01.460	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.01.446	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1.1_mr3_build_8.1.1.323	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1.1_mr4_build_8.1.1.329	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0.1_build_9.0.1.1000	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1.1_mr1_build_8.1.1.314a	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.01.457	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0_stm_build_9.0.0.338	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	8.1.0.825a	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.1 and 2.0.x to 2.0.3	Trust: 0.8
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate edition 8.1 and 9.0.x to 9.0.3	Trust: 0.8
vendor:	symantec	model:	client security mr4 build	scope:	eq	version:	1.0.18.01.446	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.18.01.457	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	9.0.0.338	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.18.01.460	Trust: 0.3
vendor:	symantec	model:	client security mr3 build	scope:	eq	version:	1.0.18.01.434	Trust: 0.3
vendor:	symantec	model:	client security mr9 build	scope:	ne	version:	1.1.1393	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition mr9	scope:	ne	version:	8.1.1	Trust: 0.3
vendor:	symantec	model:	client security mr4 build	scope:	ne	version:	2.0.41000	Trust: 0.3
vendor:	symantec	model:	client security	scope:	eq	version:	1.0	Trust: 0.3
vendor:	symantec	model:	client security b8.01.9378	scope:	eq	version:	1.0.0	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.1.18.1.1.329	Trust: 0.3
vendor:	symantec	model:	client security b8.01.9374	scope:	eq	version:	1.0	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	9.0.3.1000	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.1.18.1.1.323	Trust: 0.3
vendor:	symantec	model:	client security mr2 b9.0.2.1000	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.18.01.464	Trust: 0.3
vendor:	symantec	model:	client security mr8 build	scope:	eq	version:	1.0.18.01.471	Trust: 0.3
vendor:	symantec	model:	client security mr1 b9.0.1.1000	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	symantec	model:	client security	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	symantec	model:	client security	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition mr4 build	scope:	ne	version:	9.0.41000	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	symantec	model:	client security stm build	scope:	eq	version:	2.09.0.0.338	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.18.01.434	Trust: 0.3
vendor:	symantec	model:	client security mr2 b8.01.429c	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition .0.825a	scope:	eq	version:	8.1	Trust: 0.3
vendor:	symantec	model:	client security mr1 b8.01.425a/b	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	symantec	model:	client security mr3 b9.0.3.1000	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	symantec	model:	client security build	scope:	eq	version:	1.0.18.01.437	Trust: 0.3
vendor:	symantec	model:	client security mr5 build	scope:	eq	version:	1.0.18.01.457	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	9.0.2.1000	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	9.0.1.1.1000	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.1.18.1.1.319	Trust: 0.3
vendor:	symantec	model:	client security (scf	scope:	eq	version:	2.07.1)	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	8.1.1.377	Trust: 0.3
vendor:	symantec	model:	client security stm b8.1.0.825a	scope:	eq	version:	1.1	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	8.1.1.366	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	8.1	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.18.01.471	Trust: 0.3
vendor:	symantec	model:	client security mr9 b8.01.501	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	symantec	model:	client security mr7 build	scope:	eq	version:	1.0.18.01.464	Trust: 0.3
vendor:	symantec	model:	client security mr6 build	scope:	eq	version:	1.0.18.01.460	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.18.01.446	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build 8.1.1.314a	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.18.01.437	Trust: 0.3
vendor:	symantec	model:	antivirus corporate edition build	scope:	eq	version:	8.1.1393	Trust: 0.3

sources: BID: 20684 // JVNDB: JVNDB-2006-002729 // CNNVD: CNNVD-200610-380 // NVD: CVE-2006-3455

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3455
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-3455
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200610-380
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-19563
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-3455
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-19563
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-19563 // JVNDB: JVNDB-2006-002729 // CNNVD: CNNVD-200610-380 // NVD: CVE-2006-3455

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3455

THREAT TYPE

local

Trust: 1.0

sources: BID: 20684 // PACKETSTORM: 51254 // CNNVD: CNNVD-200610-380

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 20684 // CNNVD: CNNVD-200610-380

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002729

PATCH

title:

SYM06-022

url:

http://www.symantec.com/avcenter/security/Content/2006.10.23.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-002729

EXTERNAL IDS

db:	NVD	id:	CVE-2006-3455	Trust: 2.8
db:	BID	id:	20684	Trust: 2.0
db:	SECUNIA	id:	22536	Trust: 1.8
db:	SECTRACK	id:	1017108	Trust: 1.7
db:	SECTRACK	id:	1017109	Trust: 1.7
db:	VUPEN	id:	ADV-2006-4157	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-002729	Trust: 0.8
db:	CNNVD	id:	CNNVD-200610-380	Trust: 0.7
db:	BUGTRAQ	id:	20061023 SYMANTEC PRODUCT SECURITY: SYMANTEC DEVICE DRIVER ELEVATION OF PRIVILEG	Trust: 0.6
db:	XF	id:	29762	Trust: 0.6
db:	SEEBUG	id:	SSVID-104	Trust: 0.1
db:	VULHUB	id:	VHN-19563	Trust: 0.1
db:	PACKETSTORM	id:	51254	Trust: 0.1

sources: VULHUB: VHN-19563 // BID: 20684 // JVNDB: JVNDB-2006-002729 // PACKETSTORM: 51254 // CNNVD: CNNVD-200610-380 // NVD: CVE-2006-3455

REFERENCES

url:	http://www.symantec.com/avcenter/security/content/2006.10.23.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/20684	Trust: 1.7
url:	http://securitytracker.com/id?1017108	Trust: 1.7
url:	http://securitytracker.com/id?1017109	Trust: 1.7
url:	http://secunia.com/advisories/22536	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/449524/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/4157	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29762	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3455	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3455	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/29762	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/449524/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4157	Trust: 0.6
url:	http://securityresponse.symantec.com/avcenter/security/content/2006.10.23.html	Trust: 0.3
url:	http://www.symantec.com/products/enterprise?c=prodinfo&refid=805	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/3549/	Trust: 0.1
url:	http://secunia.com/product/3478/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/659/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/2344/	Trust: 0.1
url:	http://secunia.com/advisories/22536/	Trust: 0.1

sources: VULHUB: VHN-19563 // BID: 20684 // JVNDB: JVNDB-2006-002729 // PACKETSTORM: 51254 // CNNVD: CNNVD-200610-380 // NVD: CVE-2006-3455

CREDITS

Boon Seng Lim

Trust: 0.6

sources: CNNVD: CNNVD-200610-380

SOURCES

db:	VULHUB	id:	VHN-19563
db:	BID	id:	20684
db:	JVNDB	id:	JVNDB-2006-002729
db:	PACKETSTORM	id:	51254
db:	CNNVD	id:	CNNVD-200610-380
db:	NVD	id:	CVE-2006-3455

LAST UPDATE DATE

2024-08-14T14:29:05.812000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-19563	date:	2018-10-18T00:00:00
db:	BID	id:	20684	date:	2006-10-24T19:28:00
db:	JVNDB	id:	JVNDB-2006-002729	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200610-380	date:	2006-10-24T00:00:00
db:	NVD	id:	CVE-2006-3455	date:	2018-10-18T16:47:38.097

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-19563	date:	2006-10-23T00:00:00
db:	BID	id:	20684	date:	2006-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2006-002729	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	51254	date:	2006-10-24T18:46:26
db:	CNNVD	id:	CNNVD-200610-380	date:	2006-10-23T00:00:00
db:	NVD	id:	CVE-2006-3455	date:	2006-10-23T20:07:00