CVE-2006-6620 - OpenCVE

Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Filseclab	Personal Firewall
Symantec	Sygate Personal Firewall
Infoprocess	Antihook
Avg	Antivirus Plus Firewall
Comodo	Comodo Personal Firewall
Soft4ever	Look N Stop

Configuration 1 [-]

OR	cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:::::::*
	cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:::::::*
	cpe:2.3:a:filseclab:personal_firewall:3.0.8686:::::::*
	cpe:2.3:a:infoprocess:antihook:3.0.23:::::::*
	cpe:2.3:a:soft4ever:look_n_stop:2.05p2:::::::*
	cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:::::::*

References

Link	Resource
http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip
http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php	Vendor Advisory
http://www.securityfocus.com/archive/1/454522/100/0/threaded
http://www.securityfocus.com/bid/21615

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-18T11:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-12-17T00:00:00

Link: CVE-2006-6620

JSON object: View

NVD Information

Status : Modified

Published: 2006-12-18T11:28:00.000

Modified: 2018-10-17T21:49:17.223

Link: CVE-2006-6620

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"}, {"name": "20061215 Bypassing process identification of several personal firewalls and HIPS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"}, {"name": "21615", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21615"}, {"tags": ["x_refsource_MISC"], "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6620", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php", "refsource": "MISC", "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"}, {"name": "20061215 Bypassing process identification of several personal firewalls and HIPS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"}, {"name": "21615", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21615"}, {"name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip", "refsource": "MISC", "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6620", "datePublished": "2006-12-18T11:00:00", "dateReserved": "2006-12-17T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:*", "matchCriteriaId": "04B7232E-7DE6-4ED3-B2B5-9854AB0113B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*", "matchCriteriaId": "27A1D441-3366-4F5C-944B-76472ACCBC29", "vulnerable": true}, {"criteria": "cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:*", "matchCriteriaId": "A7CFD0C9-86A6-4C08-A9CB-5E25D42F80EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "991CC4DF-4B5F-46B8-A254-4E89E8787FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:*", "matchCriteriaId": "66E01B07-427D-495F-8286-C39CDB6CA5A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:*", "matchCriteriaId": "D3917B20-DA44-4CC4-82AE-ED1FB4398D38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."}, {"lang": "es", "value": "Comodo Personal Firewall 2.3.6.81 depende del Process Environment Block (PEB) para la identificaci\u00f3n de un proceso, el cual permite a usuarios locales evitar los controles del producto en el proceso mediante la simulaci\u00f3n de los campos (1) ImagePathName, (2) CommandLine y(3) WindowTitle en el PEB."}], "id": "CVE-2006-6620", "lastModified": "2018-10-17T21:49:17.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-18T11:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21615"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}