ID

VAR-200612-0207


CVE

CVE-2006-6621


TITLE

Filseclab Personal Firewall Vulnerability that bypasses ongoing product control

Trust: 0.8

sources: JVNDB: JVNDB-2006-001771

DESCRIPTION

Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

Multiple vendors' firewalls and HIPS (host-based intrusion prevention systems) are prone to this process-spoofing vulnerability. An attacker can exploit the issue to make an arbitrary malicious program appear to run as a trusted process and operate undetected on an affected computer. The following software is vulnerable; other versions may also be affected:

InfoProcess AntiHook version 3.0.0.23
AVG Anti-Virus plus Firewall version 7.5.431
Comodo Personal Firewall version 2.3.6.81
Filseclab Personal Firewall version 3.0.0.8686
Look 'n' Stop Personal Firewall version 2.05p2
Symantec Sygate Personal Firewall version 5.6.2808

All of these are very popular firewalls. Several host security products mishandle user-mode process information, and attackers may use this flaw to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce policy on a per-process basis must be able to identify the process attempting a privileged operation; because these products derive that identity from PEB fields the process itself controls (the image path name, the command line, and the window title), a spoofed process can bypass the security checks.

Trust: 1.98

sources: NVD: CVE-2006-6621 // JVNDB: JVNDB-2006-001771 // BID: 21615 // VULHUB: VHN-22729

AFFECTED PRODUCTS

vendor: symantec, model: sygate personal firewall, scope: eq, version: 5.6.2808

Trust: 1.9

vendor: infoprocess, model: antihook, scope: eq, version: 3.0.23

Trust: 1.3

vendor: filseclab, model: personal firewall, scope: eq, version: 3.0.8686

Trust: 1.3

vendor: comodo, model: personal firewall, scope: eq, version: 2.3.6.81

Trust: 1.3

vendor: soft4ever, model: look n stop, scope: eq, version: 2.05p2

Trust: 1.0

vendor: avg, model: antivirus plus firewall, scope: eq, version: 7.5.431

Trust: 1.0

vendor: filseclab, model: personal firewall, scope: eq, version: 3.0.0.8686

Trust: 0.8

vendor: look, model: 'n' stop look 'n' stop 2.05p2, scope: -, version: -

Trust: 0.3

vendor: avg, model: anti-virus plus firewall, scope: eq, version: 7.5.431

Trust: 0.3

sources: BID: 21615 // JVNDB: JVNDB-2006-001771 // CNNVD: CNNVD-200612-399 // NVD: CVE-2006-6621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6621
value: HIGH

Trust: 1.0

NVD: CVE-2006-6621
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200612-399
value: HIGH

Trust: 0.6

VULHUB: VHN-22729
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-6621
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22729
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22729 // JVNDB: JVNDB-2006-001771 // CNNVD: CNNVD-200612-399 // NVD: CVE-2006-6621

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6621

THREAT TYPE

local

Trust: 0.9

sources: BID: 21615 // CNNVD: CNNVD-200612-399

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200612-399

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001771

PATCH

title: Top Page, url: http://www.filseclab.com/eng/products/firewall.htm

Trust: 0.8

sources: JVNDB: JVNDB-2006-001771

EXTERNAL IDS

db: NVD, id: CVE-2006-6621

Trust: 2.5

db: BID, id: 21615

Trust: 2.0

db: JVNDB, id: JVNDB-2006-001771

Trust: 0.8

db: CNNVD, id: CNNVD-200612-399

Trust: 0.7

db: BUGTRAQ, id: 20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS

Trust: 0.6

db: VULHUB, id: VHN-22729

Trust: 0.1

sources: VULHUB: VHN-22729 // BID: 21615 // JVNDB: JVNDB-2006-001771 // CNNVD: CNNVD-200612-399 // NVD: CVE-2006-6621

REFERENCES

url:http://www.securityfocus.com/bid/21615

Trust: 1.7

url:http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip

Trust: 1.7

url:http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php

Trust: 1.7

url:http://www.securityfocus.com/archive/1/454522/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6621

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6621

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded

Trust: 0.6

url:http://www.infoprocess.com.au/antihook.php

Trust: 0.3

url:http://www.grisoft.com/

Trust: 0.3

url:http://www.comodo.com/

Trust: 0.3

url:http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm&ei=d_6crfdcapuwnqptjcb_&usg=__uqizxyyvwb4dlpaaogel8nftkja=&sig2=riufvoqmxrfqyl4h1bsrzq

Trust: 0.3

url:http://www.symantec.com

Trust: 0.3

url:http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.looknstop.com%2f&ei=m_6crfl8n6cunqp5wef7&usg=__ufqwvzzztduykujwzxq2euu_xna=&sig2=1vrohasxv2wrxkwcut7fua

Trust: 0.3

url:/archive/1/454522

Trust: 0.3

sources: VULHUB: VHN-22729 // BID: 21615 // JVNDB: JVNDB-2006-001771 // CNNVD: CNNVD-200612-399 // NVD: CVE-2006-6621

CREDITS

Matousec http://www.matousec.com/

Trust: 0.6

sources: CNNVD: CNNVD-200612-399

SOURCES

db: VULHUB, id: VHN-22729
db: BID, id: 21615
db: JVNDB, id: JVNDB-2006-001771
db: CNNVD, id: CNNVD-200612-399
db: NVD, id: CVE-2006-6621

LAST UPDATE DATE

2024-08-14T13:39:31.226000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-22729, date: 2018-10-17T00:00:00
db: BID, id: 21615, date: 2006-12-15T21:18:00
db: JVNDB, id: JVNDB-2006-001771, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-399, date: 2007-02-06T00:00:00
db: NVD, id: CVE-2006-6621, date: 2018-10-17T21:49:17.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-22729, date: 2006-12-18T00:00:00
db: BID, id: 21615, date: 2006-12-15T00:00:00
db: JVNDB, id: JVNDB-2006-001771, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-399, date: 2006-12-18T00:00:00
db: NVD, id: CVE-2006-6621, date: 2006-12-18T11:28:00