nvd-json-data-feeds/CVE-2006/CVE-2006-71xx/CVE-2006-7160.json

{
  "id": "CVE-2006-7160",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-03-07T20:19:00.000",
  "lastModified": "2024-11-21T00:24:31.870",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions."
    },
    {
      "lang": "es",
      "value": "El controlador Sandbox.sys de Outpost Firewall PRO versi\u00f3n 4.0, y posiblemente versiones anteriores, no comprueba argumentos para funciones SSDT enlazadas, permite a usuarios locales causar una denegaci\u00f3n de servicio (bloqueo) mediante argumentos no v\u00e1lidos para las funciones (1) NtAssignProcessToJobObject, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver y (12) NtWriteVirtualMemory."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "baseScore": 4.9,
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:agnitum:outpost_firewall:*:*:pro:*:*:*:*:*",
              "versionEndIncluding": "4.0",
              "matchCriteriaId": "C3B820FA-2999-4DAA-A54D-9DA2B16B2A11"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://secunia.com/advisories/22913",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://securityreason.com/securityalert/2376",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/archive/1/451672/100/0/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/21097",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2006/4537",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30312",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://secunia.com/advisories/22913",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://securityreason.com/securityalert/2376",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/archive/1/451672/100/0/threaded",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/bid/21097",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2006/4537",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30312",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}