ID

VAR-200612-0206


CVE

CVE-2006-6620


TITLE

Comodo Personal Firewall vulnerability allowing bypass of the product's controls on a process

Trust: 0.8

sources: JVNDB: JVNDB-2006-001770

DESCRIPTION

Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

Multiple vendors' firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to make an arbitrary malicious program appear to run as a trusted process and operate undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected:

- InfoProcess AntiHook version 3.0.0.23
- AVG Anti-Virus plus Firewall version 7.5.431
- Comodo Personal Firewall version 2.3.6.81
- Filseclab Personal Firewall version 3.0.0.8686
- Look 'n' Stop Personal Firewall version 2.05p2
- Symantec Sygate Personal Firewall version 5.6.2808

These are all very popular firewalls. Multiple host security products have flaws in how they process user-mode process information, and attackers may use these flaws to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify the processes attempting to perform privileged operations. Remote attackers can use spoofed processes to bypass these security checks; the spoofed PEB fields are the (1) image path name, (2) command line, and (3) window title text.

Trust: 1.98

sources: NVD: CVE-2006-6620 // JVNDB: JVNDB-2006-001770 // BID: 21615 // VULHUB: VHN-22728

AFFECTED PRODUCTS

vendor: comodo
model: personal firewall
scope: eq
version: 2.3.6.81

Trust: 2.1

vendor: symantec
model: sygate personal firewall
scope: eq
version: 5.6.2808

Trust: 1.9

vendor: infoprocess
model: antihook
scope: eq
version: 3.0.23

Trust: 1.3

vendor: filseclab
model: personal firewall
scope: eq
version: 3.0.8686

Trust: 1.3

vendor: soft4ever
model: look n stop
scope: eq
version: 2.05p2

Trust: 1.0

vendor: avg
model: antivirus plus firewall
scope: eq
version: 7.5.431

Trust: 1.0

vendor: look
model: 'n' stop look 'n' stop 2.05p2
scope: -
version: -

Trust: 0.3

vendor: avg
model: anti-virus plus firewall
scope: eq
version: 7.5.431

Trust: 0.3

sources: BID: 21615 // JVNDB: JVNDB-2006-001770 // CNNVD: CNNVD-200612-385 // NVD: CVE-2006-6620

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6620
value: HIGH

Trust: 1.0

NVD: CVE-2006-6620
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200612-385
value: HIGH

Trust: 0.6

VULHUB: VHN-22728
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-6620
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22728
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22728 // JVNDB: JVNDB-2006-001770 // CNNVD: CNNVD-200612-385 // NVD: CVE-2006-6620

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6620

THREAT TYPE

local

Trust: 0.9

sources: BID: 21615 // CNNVD: CNNVD-200612-385

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200612-385

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001770

PATCH

title: Top Page
url: http://www.comodo.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001770

EXTERNAL IDS

db: NVD
id: CVE-2006-6620

Trust: 2.5

db: BID
id: 21615

Trust: 2.0

db: JVNDB
id: JVNDB-2006-001770

Trust: 0.8

db: CNNVD
id: CNNVD-200612-385

Trust: 0.7

db: BUGTRAQ
id: 20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS

Trust: 0.6

db: VULHUB
id: VHN-22728

Trust: 0.1

sources: VULHUB: VHN-22728 // BID: 21615 // JVNDB: JVNDB-2006-001770 // CNNVD: CNNVD-200612-385 // NVD: CVE-2006-6620

REFERENCES

url: http://www.securityfocus.com/bid/21615

Trust: 1.7

url: http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip

Trust: 1.7

url: http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php

Trust: 1.7

url: http://www.securityfocus.com/archive/1/454522/100/0/threaded

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6620

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6620

Trust: 0.8

url: http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded

Trust: 0.6

url: http://www.infoprocess.com.au/antihook.php

Trust: 0.3

url: http://www.grisoft.com/

Trust: 0.3

url: http://www.comodo.com/

Trust: 0.3

url: http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm&ei=d_6crfdcapuwnqptjcb_&usg=__uqizxyyvwb4dlpaaogel8nftkja=&sig2=riufvoqmxrfqyl4h1bsrzq

Trust: 0.3

url: http://www.symantec.com

Trust: 0.3

url: http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.looknstop.com%2f&ei=m_6crfl8n6cunqp5wef7&usg=__ufqwvzzztduykujwzxq2euu_xna=&sig2=1vrohasxv2wrxkwcut7fua

Trust: 0.3

url: /archive/1/454522

Trust: 0.3

sources: VULHUB: VHN-22728 // BID: 21615 // JVNDB: JVNDB-2006-001770 // CNNVD: CNNVD-200612-385 // NVD: CVE-2006-6620

CREDITS

Matousec http://www.matousec.com/

Trust: 0.6

sources: CNNVD: CNNVD-200612-385

SOURCES

db: VULHUB, id: VHN-22728
db: BID, id: 21615
db: JVNDB, id: JVNDB-2006-001770
db: CNNVD, id: CNNVD-200612-385
db: NVD, id: CVE-2006-6620

LAST UPDATE DATE

2024-08-14T13:39:31.197000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-22728, date: 2018-10-17T00:00:00
db: BID, id: 21615, date: 2006-12-15T21:18:00
db: JVNDB, id: JVNDB-2006-001770, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-385, date: 2007-02-06T00:00:00
db: NVD, id: CVE-2006-6620, date: 2018-10-17T21:49:17.223

SOURCES RELEASE DATE

db: VULHUB, id: VHN-22728, date: 2006-12-18T00:00:00
db: BID, id: 21615, date: 2006-12-15T00:00:00
db: JVNDB, id: JVNDB-2006-001770, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-385, date: 2006-12-18T00:00:00
db: NVD, id: CVE-2006-6620, date: 2006-12-18T11:28:00