CVE-2006-1221
CVSS 6.2
Published: 2006-03-14 06:02:00
Last modified: 2011-03-07 21:32:28

[Original] Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.


[CNNVD] ZoneAlarm security component privilege escalation vulnerability (CNNVD-200603-259)

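        ZoneAlarm is a personal computer firewall that protects personal data and privacy.
        The TrueVector service in ZoneAlarm has a flaw in how it loads DLLs at startup, which an attacker could exploit to escalate privileges on the host.
        During Windows startup, ZoneAlarm's TrueVector service (vsmon.exe) is configured to start automatically. The TrueVector service runs with the privileges of the Local System account and attempts to load the following DLLs during startup: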
        - VSUTIL_Loc0409_Oem8701.dll
        - VSUTIL_Oem8701.dll
        - VSUTIL_Loc0409.dll
        - vsmon_Loc0409_Oem8701.dll
        - vsmon_Oem8701.dll
        - vsmon_Loc0409.dll
        - VSRULEDB_Loc0409_Oem8701.dll
        - VSRULEDB_Oem8701.dll
        - VSRULEDB_Loc0409.dll
        - av_Loc0409_Oem8701.dll
        - av_Oem8701.dll
        - av_Loc0409.dll
        - zlquarantine_Loc0409_Oem8701.dll
        - zlquarantine_Oem8701.dll
        - zlquarantine_Loc0409.dll
        - zlsre_Loc0409_Oem8701.dll
        - zlsre_Oem8701.dll
        - zlsre_Loc0409.dll
        The loading process does not use the full path of each DLL, only its name, which may lead to privilege escalation through the vsmon.exe process.
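
A defensive audit of the condition described above, as an added example (not code from the advisory or the vendor): it lists the PATH directories that are searched before the ZoneAlarm folder and reports any file in them bearing one of the DLL names listed. The install folder path and the function names are assumptions, as is treating a folder absent from PATH as searched after every PATH entry.

```python
import os
from itertools import product

# DLL names from the advisory text: six module prefixes x three suffixes.
PREFIXES = ("VSUTIL", "vsmon", "VSRULEDB", "av", "zlquarantine", "zlsre")
SUFFIXES = ("_Loc0409_Oem8701", "_Oem8701", "_Loc0409")
WATCHED = {f"{p}{s}.dll".lower() for p, s in product(PREFIXES, SUFFIXES)}


def _norm(path):
    # Windows paths compare case-insensitively; normcase handles that there.
    return os.path.normcase(os.path.normpath(path))


def dirs_searched_first(path_value, install_dir):
    """PATH entries consulted before install_dir, in search order.

    Assumption: if install_dir is not in PATH, every entry counts as earlier.
    """
    ahead = []
    target = _norm(install_dir)
    for entry in path_value.split(os.pathsep):
        entry = entry.strip().strip('"')
        if not entry:
            continue
        if _norm(entry) == target:
            break
        ahead.append(entry)
    return ahead


def find_shadowing_dlls(path_value, install_dir):
    """(directory, filename) pairs for watched DLL names found ahead of install_dir."""
    hits = []
    for d in dirs_searched_first(path_value, install_dir):
        try:
            names = os.listdir(d)
        except OSError:
            continue  # missing or unreadable PATH entry
        hits.extend((d, n) for n in sorted(names) if n.lower() in WATCHED)
    return hits


if __name__ == "__main__":
    install = r"C:\path\to\ZoneAlarm"  # placeholder: the page gives no install path
    path_value = os.environ.get("PATH", "")
    for d in dirs_searched_first(path_value, install):
        print("searched first, review its ACL:", d)
    for d, n in find_shadowing_dlls(path_value, install):
        print("unexpected DLL ahead of install folder:", os.path.join(d, n))
```

Run it against the PATH value the service actually sees; each directory it prints should be writable only by administrators.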
        
        

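- CVSS (base score)

CVSS score: 6.2 [MEDIUM]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system shutdown]
Attack complexity: HIGH [specific access conditions exist for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]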

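- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1221
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1221
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-259
(Official data source) CNNVD

- Other links and resources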

http://www.vupen.com/english/advisories/2006/0947
(UNKNOWN)  VUPEN  ADV-2006-0947
http://www.securityfocus.com/archive/1/archive/1/427309/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060309 Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm
http://www.securityfocus.com/archive/1/archive/1/427145/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060309 Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000
http://www.securityfocus.com/archive/1/archive/1/427122/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060308 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000
http://securitytracker.com/id?1015743
(UNKNOWN)  SECTRACK  1015743
http://reedarvin.thearvins.com/20060308-01.html
(UNKNOWN)  MISC  http://reedarvin.thearvins.com/20060308-01.html
http://xforce.iss.net/xforce/xfdb/25097
(UNKNOWN)  XF  zonealarm-path-gain-privileges(25097)
http://www.securityfocus.com/bid/17037
(UNKNOWN)  BID  17037

- Vulnerability information

ZoneAlarm security component privilege escalation vulnerability
Medium severity  Design error
2006-03-14 00:00:00 2006-03-15 00:00:00
Local

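- Advisories and patches

        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: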
        http://www.zonelabs.com

- Vulnerability information

23829
ZoneAlarm Security Suite VSMON.exe Path Subversion Local Privilege Escalation
Local Access Required Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-03-08 Unknown
2006-03-08 Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
