mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
245 lines
8.4 KiB
JSON
245 lines
8.4 KiB
JSON
{
|
|
"id": "CVE-2006-5153",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2006-10-05T04:04:00.000",
|
|
"lastModified": "2024-11-21T00:18:05.017",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Los drivers (1) fwdrv.sys y (2) khips.sys en Sunbelt Kerio Personal Firewall 4.3.268 y anteriores no validan los argumentos pasados a trav\u00e9s de funciones SSDT, incluyendo NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, y NtSetInformationFile, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente otros impactos mediante vectores no especificados."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"baseScore": 5.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E6C66920-4A4F-4335-B052-44E1F92F585B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "658F01AE-C211-473C-BF70-E524E4310F20"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F769FAE-CC31-4C8B-B785-1423DFC2BA3B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CB7202BC-AD0B-41B1-B7C1-7665498C967B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "38E60288-F9E6-4E7C-9B48-352277A34C85"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32087795-35B4-427A-BDAE-F0A217230C18"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4C04B63F-3715-46F1-917E-5185691BD619"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.13:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3B1A9450-D6E7-4D0A-A9BF-E64284D1E1CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.14:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "041B4428-ADC5-4BD2-9F6E-0BE2362FD9B3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.15:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8E19F4EE-1567-4CD8-895C-474CE80241AD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.16:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "19EA5978-64EC-4B54-BC06-20324DB0E6CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C2B9D00A-6598-4BC0-B058-7598657274D8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F81E1EDB-A491-4BE6-B6DE-1C4A695EE1F8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5C076C7D-D833-42CF-9FEF-F3654013AB05"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9FEB6DB5-851E-4EDF-AC1C-CBA502C6D5A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6682610C-1564-48E3-A364-76B6F5369F02"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.3.246:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "651BA95B-3298-459C-9141-B8D3E8532FF3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.3.268:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "26B05B51-14DB-4ADF-8AA1-8D4E5C2956DF"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://secunia.com/advisories/22234",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://securityreason.com/securityalert/1685",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://securitytracker.com/id?1016967",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.matousec.com/info/advisories/Kerio-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/447504/100/0/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/20299",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2006/3872",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29313",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/22234",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://securityreason.com/securityalert/1685",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://securitytracker.com/id?1016967",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.matousec.com/info/advisories/Kerio-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/447504/100/0/threaded",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/20299",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2006/3872",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29313",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |