CVE-2005-2711
CVSS 7.2
Published: 2005-12-31 00:00:00
Revised: 2011-03-07 21:24:55

[Original] ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.


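[CNNVD] ISS Multiple Products Local Privilege Escalation Vulnerability (CNNVD-200512-953)

        ISS BlackICE Defender, BlackICE Agent and RealSecure Server Sensor are network intrusion detection systems that run on Microsoft Windows.
        Multiple ISS products contain a flaw in how they handle file execution, which a local user may exploit to elevate privileges.
        To exploit this vulnerability, an attacker must trigger an action that causes the Application Protection module to display a warning message. For BlackIce products, this can be done by launching any executable after the product is first installed. Clicking "More Info" in the "Application Protection" dialog brings up a second-level form. With that form active, pressing F1 opens a standard Windows file-open dialog that prompts the user to manually locate the application's help file. BlackIce does not drop privileges before launching the help dialog. If the user types *.exe [enter] to reset the dialog's file mask, they can right-click a file and choose "Open" to launch any executable on the system. Applications launched this way run with SYSTEM-level privileges.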

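- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may render the system completely unavailable]
Attack complexity: LOW [no access restrictions apply to exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)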

cpe:/a:iss:realsecure_desktop:3.6 Internet Security Systems RealSecure Desktop 3.6
cpe:/a:iss:blackice_server_protection Internet Security Systems BlackICE Server Protection
cpe:/a:iss:realsecure_desktop:7.0 Internet Security Systems RealSecure Desktop 7.0
cpe:/a:iss:blackice_pc_protection:3.6cpu Internet Security Systems BlackICE PC Protection 3.6cpu
cpe:/a:iss:blackice_pc_protection:3.6 Internet Security Systems BlackICE PC Protection 3.6
cpe:/a:iss:blackice_agent_server Internet Security Systems BlackICE Agent Server

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2711
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2711
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-953
(Official data source) CNNVD

- Other links and resources

http://www.vupen.com/english/advisories/2006/1090
(UNKNOWN)  VUPEN  ADV-2006-1090
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
(VENDOR_ADVISORY)  IDEFENSE  20060323 ISS Multiple Products Local Privilege Escalation Vulnerability
http://xforce.iss.net/xforce/xfdb/25423
(UNKNOWN)  XF  blackice-appprotection-privilege-escalation(25423)
http://www.securityfocus.com/bid/17218
(UNKNOWN)  BID  17218
http://www.osvdb.org/24096
(UNKNOWN)  OSVDB  24096
http://securitytracker.com/id?1015821
(UNKNOWN)  SECTRACK  1015821
http://securitytracker.com/id?1015820
(UNKNOWN)  SECTRACK  1015820
http://secunia.com/advisories/19327
(UNKNOWN)  SECUNIA  19327

- Vulnerability information

ISS Multiple Products Local Privilege Escalation Vulnerability
High risk  Design error
2005-12-31 00:00:00 2006-03-24 00:00:00
Local

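- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://xforce.iss.net

- Vulnerability information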

24096
ISS Multiple Products Application Protection Module Local Privilege Escalation
Local Access Required Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability description

ISS BlackICE and RealSecure Desktop packages contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user resets a help dialog file mask and will permit a user to execute arbitrary code with system-level privileges. This flaw may lead to a loss of confidentiality or integrity.

- Timeline

2006-03-23 Unknown
2006-03-23 Unknown

- Solution

Upgrade to Proventia Desktop or Server, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability
Design Error 17218
No Yes
2006-03-23 12:00:00 2009-07-12 05:56:00
Discovery is credited to an anonymous source.

- Affected program versions

Internet Security Systems RealSecure Desktop 7.0 ebm
Internet Security Systems RealSecure Desktop 7.0 ebl
Internet Security Systems RealSecure Desktop 7.0 ebk
Internet Security Systems RealSecure Desktop 7.0 ebj
Internet Security Systems RealSecure Desktop 7.0 ebh
Internet Security Systems RealSecure Desktop 7.0 ebg
Internet Security Systems RealSecure Desktop 7.0 ebf
Internet Security Systems RealSecure Desktop 7.0 eba
Internet Security Systems RealSecure Desktop 3.6 ecg
Internet Security Systems RealSecure Desktop 3.6 ecf
Internet Security Systems RealSecure Desktop 3.6 ece
Internet Security Systems RealSecure Desktop 3.6 ecd
Internet Security Systems RealSecure Desktop 3.6 ecb
Internet Security Systems RealSecure Desktop 3.6 eca
Internet Security Systems RealSecure Desktop 3.6 ebz
Internet Security Systems RealSecure Desktop 3.6 ebr
Internet Security Systems BlackIce Server Protection 3.6 coq
Internet Security Systems BlackIce Server Protection 3.6 cop
Internet Security Systems BlackIce Server Protection 3.6 coo
Internet Security Systems BlackIce Server Protection 3.6 con
Internet Security Systems BlackIce Server Protection 3.6 com
Internet Security Systems BlackIce Server Protection 3.6 col
Internet Security Systems BlackIce Server Protection 3.6 cok
Internet Security Systems BlackIce Server Protection 3.6 coj
Internet Security Systems BlackIce Server Protection 3.6 coi
Internet Security Systems BlackIce Server Protection 3.6 coh
Internet Security Systems BlackIce Server Protection 3.6 cog
Internet Security Systems BlackIce Server Protection 3.6 cof
Internet Security Systems BlackIce Server Protection 3.6 coe
Internet Security Systems BlackIce Server Protection 3.6 cod
Internet Security Systems BlackIce Server Protection 3.6 coc
Internet Security Systems BlackIce Server Protection 3.6 cob
Internet Security Systems BlackIce Server Protection 3.6 coa
Internet Security Systems BlackIce Server Protection 3.6 cch
Internet Security Systems BlackIce Server Protection 3.6 ccg
Internet Security Systems BlackIce Server Protection 3.6 ccf
Internet Security Systems BlackIce Server Protection 3.6 cce
Internet Security Systems BlackIce Server Protection 3.6 ccd
Internet Security Systems BlackIce Server Protection 3.6 ccc
Internet Security Systems BlackIce Server Protection 3.6 ccb
Internet Security Systems BlackIce Server Protection 3.6 cca
Internet Security Systems BlackIce Server Protection 3.6 cbz
Internet Security Systems BlackIce Server Protection 3.6 cbr
Internet Security Systems BlackIce Server Protection 3.6 .cno
Internet Security Systems BlackIce Server Protection 3.5 cdf
Internet Security Systems BlackICE PC Protection 3.6 cch
Internet Security Systems BlackICE PC Protection 3.6 ccg
Internet Security Systems BlackICE PC Protection 3.6 ccf
Internet Security Systems BlackICE PC Protection 3.6 cce
Internet Security Systems BlackICE PC Protection 3.6 ccd
Internet Security Systems BlackICE PC Protection 3.6 ccc
Internet Security Systems BlackICE PC Protection 3.6 ccb
Internet Security Systems BlackICE PC Protection 3.6 cca
Internet Security Systems BlackICE PC Protection 3.6 cbz
Internet Security Systems BlackICE PC Protection 3.6 cbr
Internet Security Systems BlackICE PC Protection 3.6 cbd
Internet Security Systems BlackICE PC Protection 3.6 .cno
Internet Security Systems BlackICE PC Protection 3.6 .cbz
Internet Security Systems BlackICE Agent for Server 3.6 ecg
Internet Security Systems BlackICE Agent for Server 3.6 ecf
Internet Security Systems BlackICE Agent for Server 3.6 ece
Internet Security Systems BlackICE Agent for Server 3.6 ecd
Internet Security Systems BlackICE Agent for Server 3.6 ecc
Internet Security Systems BlackICE Agent for Server 3.6 ecb
Internet Security Systems BlackICE Agent for Server 3.6 eca
Internet Security Systems BlackICE Agent for Server 3.6 ebz
Internet Security Systems Proventia Server 0
Internet Security Systems Proventia Desktop 0

- Unaffected program versions

Internet Security Systems Proventia Server 0
Internet Security Systems Proventia Desktop 0

- Vulnerability discussion

Multiple Internet Security Systems (ISS) products are susceptible to a local privilege-escalation vulnerability. This issue is due to the application's failure to properly lower the privileges of the running process when required.

Due to the nature of the affected application, it executes with SYSTEM privileges. When a local user opens the help browser from the affected application, it runs with the same elevated privileges as the calling application.

This vulnerability allows local attackers to access and execute arbitrary files with SYSTEM privileges, facilitating the compromise of the local computer.

- Exploit

This issue can be exploited through the interface of the affected products.

- Solution

Proventia Desktop and Server products are free updates that serve as replacements for the affected products. Reportedly, these products are not affected by this issue. Symantec has not confirmed that these products are not affected.

- Related references

 

 
