CVE-2002-0349
CVSS4.6
发布时间 :2002-06-25 00:00:00
修订时间 :2016-10-17 22:19:39
NMCOS    

[原文]Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions.


[CNNVD]Tiny Personal Firewall锁定终端被绕过漏洞(CNNVD-200206-054)

        
        Tiny Personal Firewall是一个适用于台式机的桌面防火墙软件。
        假设一台Windows 2000安装了Tiny Personal Firewall (2.0.15a),然后用ctrl + alt + del锁定了。对该机进行网络扫描,此时会在该机主控台上弹出一个对话框,等待用户选择"允许/禁止"。即便该机处在锁定状态,这个对话框照样弹出。能够物理接触该机的任何人都可对此对话框做出选择,这样就潜在地修改了防火墙规则。
        

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0349
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0349
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200206-054
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101494587110288&w=2
(UNKNOWN)  BUGTRAQ  20020228 ... Tiny Personal Firewall ...
http://www.iss.net/security_center/static/8324.php
(VENDOR_ADVISORY)  XF  tinyfw-popup-gain-access(8324)
http://www.securityfocus.com/bid/4207
(VENDOR_ADVISORY)  BID  4207

- 漏洞信息

Tiny Personal Firewall锁定终端被绕过漏洞
中危 其他
2002-06-25 00:00:00 2005-10-20 00:00:00
本地  
        
        Tiny Personal Firewall是一个适用于台式机的桌面防火墙软件。
        假设一台Windows 2000安装了Tiny Personal Firewall (2.0.15a),然后用ctrl + alt + del锁定了。对该机进行网络扫描,此时会在该机主控台上弹出一个对话框,等待用户选择"允许/禁止"。即便该机处在锁定状态,这个对话框照样弹出。能够物理接触该机的任何人都可对此对话框做出选择,这样就潜在地修改了防火墙规则。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 建议手动配置防火墙规则,然后禁用"学习模式",以避免弹出对话框。
        厂商补丁:
        Tiny
        ----
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.tinysoftware.com

- 漏洞信息

12067
Tiny Personal Firewall System Alert Screen Lock Bypass
Physical Access Required
Loss of Integrity
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-02-28 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Tiny Personal Firewall Locked Terminal Bypass Vulnerability
Origin Validation Error 4207
No Yes
2002-02-28 12:00:00 2009-07-11 10:56:00
Reported by Andrew Barkley <andrew.barkley@usa.net>.

- 受影响的程序版本

Tiny Personal Firewall 2.0.15
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home

- 漏洞讨论

An issue has been reported in Tiny Personal Firewall which could allow a local attacker to permit users unauthorized access to Tiny Personal Firewall. Reportedly, this is possible even if the local system is locked.

Allegedly, a user scanning the network could initiate an alert dialogue in the foreground of a locked workstation with the firewall installed. The dialogue box requires the user to either permit or deny input. If the workstation is unattended the local attacker could select permit and enter information to the firewall program, without the legitimate user of the services knowledge.

Potentially this issue could allow unauthorized users to modify the Personal Tiny Firewal settings.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Maher Odeh <rax@X-war.org> has reported that creating an appropriate rule and disabling the 'ask for action when rule is found' selection will address this issue.

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站