CVE-2006-4927 - OpenCVE

The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Symantec	Navex15 Driver Naveng Driver

Configuration 1 [-]

OR	cpe:2.3:a:symantec:naveng_driver::::::::
	cpe:2.3:a:symantec:navex15_driver::::::::

References

Link	Resource
http://secunia.com/advisories/22288	Patch Vendor Advisory
http://securityreason.com/securityalert/1690
http://securitytracker.com/id?1016994	Exploit Patch
http://securitytracker.com/id?1016995	Exploit Patch
http://securitytracker.com/id?1016996	Exploit Patch
http://securitytracker.com/id?1016997	Exploit Patch
http://securitytracker.com/id?1016998	Exploit Patch
http://securitytracker.com/id?1016999	Exploit Patch
http://securitytracker.com/id?1017000	Exploit Patch
http://securitytracker.com/id?1017001	Exploit Patch
http://securitytracker.com/id?1017002	Exploit Patch
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/946820	US Government Resource
http://www.securityfocus.com/archive/1/447849/100/0/threaded
http://www.securityfocus.com/bid/20360	Exploit Patch
http://www.symantec.com/avcenter/security/Content/2006.10.05a.html	Patch
http://www.vupen.com/english/advisories/2006/3928
https://exchange.xforce.ibmcloud.com/vulnerabilities/29360

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-05T21:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-09-22T00:00:00

Link: CVE-2006-4927

JSON object: View

NVD Information

Status : Modified

Published: 2006-10-10T04:06:00.000

Modified: 2018-10-17T21:40:31.607

Link: CVE-2006-4927

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-05T00:00:00", "descriptions": [{"lang": "en", "value": "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1016996", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016996"}, {"name": "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"}, {"name": "1017001", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017001"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"}, {"name": "1017000", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017000"}, {"name": "1016997", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016997"}, {"name": "1016995", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016995"}, {"name": "ADV-2006-3928", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3928"}, {"name": "1016998", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016998"}, {"name": "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"}, {"name": "1016994", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016994"}, {"name": "22288", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22288"}, {"name": "20360", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20360"}, {"name": "1016999", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016999"}, {"name": "1017002", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017002"}, {"name": "1690", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1690"}, {"name": "symantec-ioctl-privilege-escalation(29360)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"}, {"name": "VU#946820", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/946820"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4927", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1016996", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016996"}, {"name": "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"}, {"name": "1017001", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017001"}, {"name": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html", "refsource": "CONFIRM", "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"}, {"name": "1017000", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017000"}, {"name": "1016997", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016997"}, {"name": "1016995", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016995"}, {"name": "ADV-2006-3928", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3928"}, {"name": "1016998", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016998"}, {"name": "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"}, {"name": "1016994", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016994"}, {"name": "22288", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22288"}, {"name": "20360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20360"}, {"name": "1016999", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016999"}, {"name": "1017002", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017002"}, {"name": "1690", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1690"}, {"name": "symantec-ioctl-privilege-escalation(29360)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"}, {"name": "VU#946820", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/946820"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4927", "datePublished": "2006-10-05T21:00:00", "dateReserved": "2006-09-22T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:naveng_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "1278247D-9258-46E2-91D7-29FB40C616D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:navex15_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "84278ED8-D4D2-4351-9A0E-5F811A4C06E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB."}, {"lang": "es", "value": "Los controladores de dispositivo de (a) NAVENG (NAVENG.SYS) y (b) NAVEX15 (NAVEX15.SYS) 20061.3.0.12 y posteriores, utilizados en Symantec AntiVirus y en productos de seguridad, permiten a usuarios locales escalar privilegios sobreescribiendo direcciones cr\u00edticas del sistema utilizando un Irp (paquete de petici\u00f3n de Entrada/salida) creado artesanalmente para las funciones IOCTL (1) 0x222AD3, (2) 0x222AD7, y (3) 0x222ADB."}], "evaluatorSolution": "Update 20061.3.0.12 has been released by the vendor for each vulnerable driver.\r\nAdditionally, an update to the virus definitions (October 4, 2006 revision 9 or later) is required.", "id": "CVE-2006-4927", "lastModified": "2018-10-17T21:40:31.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-10T04:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/22288"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1690"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016994"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016995"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016996"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016997"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016998"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016999"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017000"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017001"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017002"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/946820"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/20360"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3928"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}