VAR-200612-0205
Vulnerability from variot - Updated: 2023-12-18 12:32AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. (1) PEB Inside ImagePathName (2) PEB Inside CommandLine (3) PEB Inside WindowTitle field. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected: InfoProcess AntiHook version 3.0.0.23 AVG Anti-Virus plus Firewall version 7.5.431 Comodo Personal Firewall version 2.3.6.81 Filseclab Personal Firewall version 3.0.0.8686 Look 'n' Stop Personal Firewall version 2.05p2 Symantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. A remote attacker can use the spoofed process to bypass the control of the security check. Including (1) the image directory name, (2) the command line, and (3) the WINDOWS header text in the PEB
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200612-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sygate personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "symantec",
"version": "5.6.2808"
},
{
"model": "antivirus plus firewall",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "7.5.431"
},
{
"model": "antihook",
"scope": "eq",
"trust": 1.3,
"vendor": "infoprocess",
"version": "3.0.23"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "filseclab",
"version": "3.0.8686"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "comodo",
"version": "2.3.6.81"
},
{
"model": "look n stop",
"scope": "eq",
"trust": 1.0,
"vendor": "soft4ever",
"version": "2.05p2"
},
{
"model": "\u0027n\u0027 stop look \u0027n\u0027 stop 2.05p2",
"scope": null,
"trust": 0.3,
"vendor": "look",
"version": null
},
{
"model": "anti-virus plus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "7.5.431"
}
],
"sources": [
{
"db": "BID",
"id": "21615"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001769"
},
{
"db": "NVD",
"id": "CVE-2006-6619"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6619"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matousec http://www.matousec.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
],
"trust": 0.6
},
"cve": "CVE-2006-6619",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2006-6619",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-22727",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-6619",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200612-392",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-22727",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22727"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001769"
},
{
"db": "NVD",
"id": "CVE-2006-6619"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. (1) PEB Inside ImagePathName (2) PEB Inside CommandLine (3) PEB Inside WindowTitle field. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. \nAn attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim\u0027s computer. \nThe following software is vulnerable; other versions may also be affected:\nInfoProcess AntiHook version 3.0.0.23\nAVG Anti-Virus plus Firewall version 7.5.431\nComodo Personal Firewall version 2.3.6.81\nFilseclab Personal Firewall version 3.0.0.8686\nLook \u0027n\u0027 Stop Personal Firewall version 2.05p2\nSymantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. A remote attacker can use the spoofed process to bypass the control of the security check. Including (1) the image directory name, (2) the command line, and (3) the WINDOWS header text in the PEB",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6619"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001769"
},
{
"db": "BID",
"id": "21615"
},
{
"db": "VULHUB",
"id": "VHN-22727"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-22727",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22727"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6619",
"trust": 2.5
},
{
"db": "BID",
"id": "21615",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001769",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200612-392",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-82802",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "29287",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-22727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22727"
},
{
"db": "BID",
"id": "21615"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001769"
},
{
"db": "NVD",
"id": "CVE-2006-6619"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
]
},
"id": "VAR-200612-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-22727"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:32:32.735000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.avg.co.jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001769"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6619"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/21615"
},
{
"trust": 1.7,
"url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
},
{
"trust": 1.7,
"url": "http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6619"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6619"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.infoprocess.com.au/antihook.php"
},
{
"trust": 0.3,
"url": "http://www.grisoft.com/"
},
{
"trust": 0.3,
"url": "http://www.comodo.com/"
},
{
"trust": 0.3,
"url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm\u0026ei=d_6crfdcapuwnqptjcb_\u0026usg=__uqizxyyvwb4dlpaaogel8nftkja=\u0026sig2=riufvoqmxrfqyl4h1bsrzq"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.looknstop.com%2f\u0026ei=m_6crfl8n6cunqp5wef7\u0026usg=__ufqwvzzztduykujwzxq2euu_xna=\u0026sig2=1vrohasxv2wrxkwcut7fua"
},
{
"trust": 0.3,
"url": "/archive/1/454522"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22727"
},
{
"db": "BID",
"id": "21615"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001769"
},
{
"db": "NVD",
"id": "CVE-2006-6619"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-22727"
},
{
"db": "BID",
"id": "21615"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001769"
},
{
"db": "NVD",
"id": "CVE-2006-6619"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-22727"
},
{
"date": "2006-12-15T00:00:00",
"db": "BID",
"id": "21615"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001769"
},
{
"date": "2006-12-18T11:28:00",
"db": "NVD",
"id": "CVE-2006-6619"
},
{
"date": "2006-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-22727"
},
{
"date": "2006-12-15T21:18:00",
"db": "BID",
"id": "21615"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001769"
},
{
"date": "2018-10-17T21:49:16.927000",
"db": "NVD",
"id": "CVE-2006-6619"
},
{
"date": "2007-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "21615"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVG Anti-Virus plus Firewall Vulnerabilities that prevent process product control on process",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001769"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-392"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…