VAR-200608-0326

Vulnerability from variot - Updated: 2023-12-18 14:02

Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this. An attacker may exploit this vulnerability to bypass Norton's registry protection mechanism and modify the 'SuiteOwners' registry entry to load an arbitrary library file. This will likely lead to further attacks. The individual who discovered this issue claims to have tested it on Norton Personal Firewall 2006 version 9.1.0.33. Other versions could also be affected. Norton Internet Security products that include the vulnerable application may also be affected. RETIRED: This BID is being retired; further investigation indicates that the application is not vulnerable to this issue. (This retirement notice comes from the BID entry and conflicts with the other source descriptions aggregated in this record.) Norton protects its own registry keys against manipulation by other applications, but the API functions RegSaveKey and RegRestoreKey can be used to bypass the protection of the registry key HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners. This registry key is also used to store some important information, such as NISProd.dll. Malicious applications can use RegSaveKey and RegRestoreKey to modify the value in SuiteOwners, causing Norton to load fake libraries into its process. Malicious code in a fake library can manipulate any Norton component and bypass all security protections.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200608-0326",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "norton personal firewall",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2006_9.1.0.33"
      },
      {
        "model": "norton personal firewall",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "2006 9.1.0.33"
      },
      {
        "model": "norton personal firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "2006_9.1.0.33"
      },
      {
        "model": "norton personal firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2006"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "19585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2006_9.1.0.33",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4266"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Matousek david@matousec.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4266",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-4266",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-20374",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4266",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200608-315",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20374",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\\SOFTWARE\\Symantec\\CCPD\\SuiteOwners, as demonstrated using NISProd.dll.  NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges.  However, this issue is a vulnerability because the product\u0027s functionality is intended to protect against privileged actions such as this. \nAn attacker may exploit this vulnerability to bypass Norton\u0027s registry protection mechanism and modify the \u0027SuiteOwners\u0027 registry entry to load an arbitrary library file. This will likely lead to further attacks. \nThe individual who discovered this issue claims to have tested it on Norton Personal Firewall 2006 version 9.1.0.33. Other versions could also be affected. Norton Internet Security products that include the vulnerable application may also be affected. \nRETIRED: This BID is being retired; further investigation indicates that the application is not vulnerable to this issue. Norton uses its own registry key to prevent the operation of other applications, but can use the API functions RegSaveKey and RegRestoreKey to bypass the protection of the registry key HKLM\\SOFTWARE\\Symantec\\CCPD\\SuiteOwners. This registry key is also used to store some important information such as NISProd.dll. Malicious applications can use RegSaveKey and RegRestoreKey to modify the value in SuiteOwners, causing Norton to load fake function libraries into the process. Malicious code in the fake function library can manipulate any Norton component and bypass all security protections",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      },
      {
        "db": "BID",
        "id": "19585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20374"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-4266",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "19585",
        "trust": 2.0
      },
      {
        "db": "SREASON",
        "id": "1428",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060818 NORTON DLL FAKING VIA \u0027SUITEOWNERS\u0027 PROTECTION BYPASS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-20374",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20374"
      },
      {
        "db": "BID",
        "id": "19585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ]
  },
  "id": "VAR-200608-0326",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20374"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:02:41.655000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Norton Personal Firewall",
        "trust": 0.8,
        "url": "http://us.norton.com/now/en/pu/images/promotions/2012/5804/ch2.html?undefined\u0026s_tnt=48837:19:0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4266"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19585"
      },
      {
        "trust": 1.7,
        "url": "http://www.matousec.com/info/advisories/norton-dll-faking-via-suiteowners-protection-bypass.php"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/1428"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/443632/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4266"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4266"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/443632/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/443632"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20374"
      },
      {
        "db": "BID",
        "id": "19585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-20374"
      },
      {
        "db": "BID",
        "id": "19585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-08-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20374"
      },
      {
        "date": "2006-08-18T00:00:00",
        "db": "BID",
        "id": "19585"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      },
      {
        "date": "2006-08-21T21:04:00",
        "db": "NVD",
        "id": "CVE-2006-4266"
      },
      {
        "date": "2006-08-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20374"
      },
      {
        "date": "2007-07-13T18:36:00",
        "db": "BID",
        "id": "19585"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      },
      {
        "date": "2018-10-17T21:34:19.457000",
        "db": "NVD",
        "id": "CVE-2006-4266"
      },
      {
        "date": "2006-08-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "19585"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Norton Personal Firewall Vulnerability added to Trojan horse library",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003054"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-315"
      }
    ],
    "trust": 0.6
  }
}

