ID

VAR-200612-0205


CVE

CVE-2006-6619


TITLE

AVG Anti-Virus plus Firewall vulnerability allowing the product's controls on a process to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2006-001769

DESCRIPTION

AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected:

InfoProcess AntiHook version 3.0.0.23
AVG Anti-Virus plus Firewall version 7.5.431
Comodo Personal Firewall version 2.3.6.81
Filseclab Personal Firewall version 3.0.0.8686
Look 'n' Stop Personal Firewall version 2.05p2
Symantec Sygate Personal Firewall version 5.6.2808

These are all very popular firewalls. Multiple host security products have flaws in how they process user-mode process information, and attackers may use these flaws to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. A remote attacker can use a spoofed process to bypass the security check, by spoofing (1) the image path name, (2) the command line, and (3) the window title text in the PEB.

Trust: 1.98

sources: NVD: CVE-2006-6619 // JVNDB: JVNDB-2006-001769 // BID: 21615 // VULHUB: VHN-22727

AFFECTED PRODUCTS

vendor: symantec, model: sygate personal firewall, scope: eq, version: 5.6.2808

Trust: 1.9

vendor: avg, model: antivirus plus firewall, scope: eq, version: 7.5.431

Trust: 1.8

vendor: infoprocess, model: antihook, scope: eq, version: 3.0.23

Trust: 1.3

vendor: filseclab, model: personal firewall, scope: eq, version: 3.0.8686

Trust: 1.3

vendor: comodo, model: personal firewall, scope: eq, version: 2.3.6.81

Trust: 1.3

vendor: soft4ever, model: look n stop, scope: eq, version: 2.05p2

Trust: 1.0

vendor: look, model: 'n' stop look 'n' stop 2.05p2, scope: -, version: -

Trust: 0.3

vendor: avg, model: anti-virus plus firewall, scope: eq, version: 7.5.431

Trust: 0.3

sources: BID: 21615 // JVNDB: JVNDB-2006-001769 // CNNVD: CNNVD-200612-392 // NVD: CVE-2006-6619

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6619
value: HIGH

Trust: 1.0

NVD: CVE-2006-6619
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200612-392
value: HIGH

Trust: 0.6

VULHUB: VHN-22727
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-6619
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22727
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22727 // JVNDB: JVNDB-2006-001769 // CNNVD: CNNVD-200612-392 // NVD: CVE-2006-6619

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6619

THREAT TYPE

local

Trust: 0.9

sources: BID: 21615 // CNNVD: CNNVD-200612-392

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200612-392

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001769

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-22727

PATCH

title: Top Page, url: http://www.avg.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001769

EXTERNAL IDS

db: NVD, id: CVE-2006-6619

Trust: 2.5

db: BID, id: 21615

Trust: 2.0

db: JVNDB, id: JVNDB-2006-001769

Trust: 0.8

db: CNNVD, id: CNNVD-200612-392

Trust: 0.7

db: BUGTRAQ, id: 20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS

Trust: 0.6

db: SEEBUG, id: SSVID-82802

Trust: 0.1

db: EXPLOIT-DB, id: 29287

Trust: 0.1

db: VULHUB, id: VHN-22727

Trust: 0.1

sources: VULHUB: VHN-22727 // BID: 21615 // JVNDB: JVNDB-2006-001769 // CNNVD: CNNVD-200612-392 // NVD: CVE-2006-6619

REFERENCES

url:http://www.securityfocus.com/bid/21615

Trust: 1.7

url:http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip

Trust: 1.7

url:http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php

Trust: 1.7

url:http://www.securityfocus.com/archive/1/454522/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6619

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6619

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded

Trust: 0.6

url:http://www.infoprocess.com.au/antihook.php

Trust: 0.3

url:http://www.grisoft.com/

Trust: 0.3

url:http://www.comodo.com/

Trust: 0.3

url:http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm&ei=d_6crfdcapuwnqptjcb_&usg=__uqizxyyvwb4dlpaaogel8nftkja=&sig2=riufvoqmxrfqyl4h1bsrzq

Trust: 0.3

url:http://www.symantec.com

Trust: 0.3

url:http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.looknstop.com%2f&ei=m_6crfl8n6cunqp5wef7&usg=__ufqwvzzztduykujwzxq2euu_xna=&sig2=1vrohasxv2wrxkwcut7fua

Trust: 0.3

url:/archive/1/454522

Trust: 0.3

sources: VULHUB: VHN-22727 // BID: 21615 // JVNDB: JVNDB-2006-001769 // CNNVD: CNNVD-200612-392 // NVD: CVE-2006-6619

CREDITS

Matousec http://www.matousec.com/

Trust: 0.6

sources: CNNVD: CNNVD-200612-392

SOURCES

db: VULHUB, id: VHN-22727
db: BID, id: 21615
db: JVNDB, id: JVNDB-2006-001769
db: CNNVD, id: CNNVD-200612-392
db: NVD, id: CVE-2006-6619

LAST UPDATE DATE

2024-08-14T13:39:31.137000+00:00

SOURCES UPDATE DATE

db: VULHUB, id: VHN-22727, date: 2018-10-17T00:00:00
db: BID, id: 21615, date: 2006-12-15T21:18:00
db: JVNDB, id: JVNDB-2006-001769, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-392, date: 2007-02-06T00:00:00
db: NVD, id: CVE-2006-6619, date: 2018-10-17T21:49:16.927

SOURCES RELEASE DATE

db: VULHUB, id: VHN-22727, date: 2006-12-18T00:00:00
db: BID, id: 21615, date: 2006-12-15T00:00:00
db: JVNDB, id: JVNDB-2006-001769, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-392, date: 2006-12-18T00:00:00
db: NVD, id: CVE-2006-6619, date: 2006-12-18T11:28:00