Vulnerability-Lookup

CVE-2006-3697 (GCVE-0-2006-3697)

Vulnerability from cvelistv5 – Published: 2006-07-19 01:00 – Updated: 2024-08-07 18:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/21089	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/27349	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/19018	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/440426/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/0144	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/19024	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2006/2851	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2006/2852	vdb-entryx_refsource_VUPEN
	http://www.ben.goulding.com.au/secad.html	x_refsource_MISC
	http://secunia.com/advisories/21088	third-party-advisoryx_refsource_SECUNIA
	https://secure-support.novell.com/KanisaPlatform/…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:39:53.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21089"
          },
          {
            "name": "27349",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27349"
          },
          {
            "name": "19018",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19018"
          },
          {
            "name": "20060716 Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
          },
          {
            "name": "ADV-2007-0144",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0144"
          },
          {
            "name": "19024",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19024"
          },
          {
            "name": "ADV-2006-2851",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2851"
          },
          {
            "name": "ADV-2006-2852",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2852"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ben.goulding.com.au/secad.html"
          },
          {
            "name": "21088",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21088"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21089"
        },
        {
          "name": "27349",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27349"
        },
        {
          "name": "19018",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19018"
        },
        {
          "name": "20060716 Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
        },
        {
          "name": "ADV-2007-0144",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0144"
        },
        {
          "name": "19024",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19024"
        },
        {
          "name": "ADV-2006-2851",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2851"
        },
        {
          "name": "ADV-2006-2852",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2852"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ben.goulding.com.au/secad.html"
        },
        {
          "name": "21088",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21088"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3697",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21089"
            },
            {
              "name": "27349",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27349"
            },
            {
              "name": "19018",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19018"
            },
            {
              "name": "20060716 Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
            },
            {
              "name": "ADV-2007-0144",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0144"
            },
            {
              "name": "19024",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19024"
            },
            {
              "name": "ADV-2006-2851",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2851"
            },
            {
              "name": "ADV-2006-2852",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2852"
            },
            {
              "name": "http://www.ben.goulding.com.au/secad.html",
              "refsource": "MISC",
              "url": "http://www.ben.goulding.com.au/secad.html"
            },
            {
              "name": "21088",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21088"
            },
            {
              "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html",
              "refsource": "CONFIRM",
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3697",
    "datePublished": "2006-07-19T01:00:00",
    "dateReserved": "2006-07-18T00:00:00",
    "dateUpdated": "2024-08-07T18:39:53.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3697\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-07-21T14:03:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \\\"open folder\\\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \\\"Save Configuration As\\\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.\"},{\"lang\":\"es\",\"value\":\"Agnitum Outpost Firewall Pro 3.51.759.6511 (462), tal y como se usa en (1) Lavasoft Personal Firewall 1.0.543.5722 (433) y (2) Novell BorderManager Novell Client Firewall 2.0, no restringe de forma adecuada las actividades de usuario para ganar privilegios y ejecutar comandos (a)a trav\u00e9s de la opci\u00f3n \\\"abrir carpeta\\\" cuando una instancia de explorer.exe est\u00e1 funcionando, posiblemente relacionado con la funci\u00f3n API ShellExecute, o (b) a trav\u00e9s de la re-escritura de un fichero de proceso por lotes a trav\u00e9s de la opci\u00f3n \\\"Guardar configuraci\u00f3n como\\\". NOTA: esto podr\u00eda estar relacionado con la vulnerabilidad en Microsoft Windows y la instnacia explorer.exe del firewall.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:agnitum:outpost_firewall:3.51.759.6511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D53F7EA-FC12-44AB-8DE8-035E4BD8AE7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lavasoft:lavasoft_personal_firewall:1.0.543.5722.433:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF1090AA-5A26-4600-B284-37D714AD28D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:client_firewall:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A29B4A-377D-4264-ABD1-6A14C9BDBC7D\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21089\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ben.goulding.com.au/secad.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27349\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/440426/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19018\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19024\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2851\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2852\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0144\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21089\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ben.goulding.com.au/secad.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27349\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/440426/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2851\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200607-0237

Vulnerability from variot - Updated: 2025-04-03 22:41

Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall. Lavasoft Personal Firewall will allow local attackers to gain elevated privileges, which may lead to a complete compromise. Version 1.0.543.5722 (433) is reported vulnerable. Other versions may be affected as well. Reports indicate that this issue may be related to BID 19024.

Hardcore Disassembler / Reverse Engineer Wanted!

Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.

The vulnerability is caused due to the application windows running with SYSTEM privileges and the application not checking if explorer.exe is running. This can be exploited to launch explorer.exe with SYSTEM privileges by terminating it and then using the "open folder" option in e.g. the "Shared Components" window.

SOLUTION: Enable password protection.

PROVIDED AND/OR DISCOVERED BY: Ben Goulding

ORIGINAL ADVISORY: http://www.ben.goulding.com.au/secad.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0237",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "client firewall",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "outpost firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "agnitum",
        "version": "3.51.759.6511"
      },
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lavasoft",
        "version": "1.0.543.5722.433"
      },
      {
        "model": "outpost firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "agnitum",
        "version": "pro 3.51.759.6511 (462)"
      },
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lavasoft",
        "version": "1.0.543.5722 (433)"
      },
      {
        "model": "bordermanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.8"
      },
      {
        "model": "bordermanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.7"
      },
      {
        "model": "outpost firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "agnitum",
        "version": "3.51.759.6511(462)"
      },
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lavasoft",
        "version": "1.0.543.5722(433)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "19024"
      },
      {
        "db": "BID",
        "id": "19018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3697"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:agnitum:outpost_firewall",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lavasoft:lavasoft_personal_firewall",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:novell:client_firewall",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "mullware@gmail.com discovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "19018"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-3697",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2006-3697",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-19805",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-3697",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-3697",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200607-289",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19805",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19805"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3697"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall. Lavasoft Personal Firewall will allow local attackers to gain elevated privileges, which may lead to a complete compromise. \nVersion 1.0.543.5722 (433) is reported vulnerable. Other versions may be affected as well. \nReports indicate that this issue may be related to BID 19024. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nThe vulnerability is caused due to the application windows running\nwith SYSTEM privileges and the application not checking if\nexplorer.exe is running. This can be exploited to launch explorer.exe\nwith SYSTEM privileges by terminating it and then using the \"open\nfolder\" option in e.g. the \"Shared Components\" window. \n\nSOLUTION:\nEnable password protection. \n\nPROVIDED AND/OR DISCOVERED BY:\nBen Goulding\n\nORIGINAL ADVISORY:\nhttp://www.ben.goulding.com.au/secad.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3697"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "db": "BID",
        "id": "19024"
      },
      {
        "db": "BID",
        "id": "19018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19805"
      },
      {
        "db": "PACKETSTORM",
        "id": "48308"
      },
      {
        "db": "PACKETSTORM",
        "id": "48302"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-3697",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "19024",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "19018",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "21089",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "21088",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0144",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2852",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2851",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "27349",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-289",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060716 ESCALATION OF PRIVILEGES IN OUTPOST AND LAVASOFT FIREWALLS -UNUSUAL SHELLEXECUTE BEHAVIOR",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-19805",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48308",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48302",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19805"
      },
      {
        "db": "BID",
        "id": "19024"
      },
      {
        "db": "BID",
        "id": "19018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "db": "PACKETSTORM",
        "id": "48308"
      },
      {
        "db": "PACKETSTORM",
        "id": "48302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3697"
      }
    ]
  },
  "id": "VAR-200607-0237",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19805"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:41:45.404000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.agnitum.com/products/outpost/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.lavasoft.com/products/lavasoft_personal_firewall.php"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.novell.com/support/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19805"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3697"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.ben.goulding.com.au/secad.html"
      },
      {
        "trust": 2.0,
        "url": "https://secure-support.novell.com/kanisaplatform/publishing/903/3762108_f.sal_public.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19018"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19024"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/27349"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21088"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21089"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2851"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2852"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0144"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3697"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3697"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/440426/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/0144"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2852"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2851"
      },
      {
        "trust": 0.3,
        "url": "http://www.agnitum.com/products/outpost/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/lists/fulldisclosure/2006/jul/0481.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.lavasoftusa.com/software/firewall/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7908/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21089/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21088/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11075/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19805"
      },
      {
        "db": "BID",
        "id": "19024"
      },
      {
        "db": "BID",
        "id": "19018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "db": "PACKETSTORM",
        "id": "48308"
      },
      {
        "db": "PACKETSTORM",
        "id": "48302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3697"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-19805"
      },
      {
        "db": "BID",
        "id": "19024"
      },
      {
        "db": "BID",
        "id": "19018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "db": "PACKETSTORM",
        "id": "48308"
      },
      {
        "db": "PACKETSTORM",
        "id": "48302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3697"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19805"
      },
      {
        "date": "2006-07-17T00:00:00",
        "db": "BID",
        "id": "19024"
      },
      {
        "date": "2006-07-17T00:00:00",
        "db": "BID",
        "id": "19018"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "date": "2006-07-18T20:56:43",
        "db": "PACKETSTORM",
        "id": "48308"
      },
      {
        "date": "2006-07-18T20:56:43",
        "db": "PACKETSTORM",
        "id": "48302"
      },
      {
        "date": "2006-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      },
      {
        "date": "2006-07-21T14:03:00",
        "db": "NVD",
        "id": "CVE-2006-3697"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19805"
      },
      {
        "date": "2007-01-11T17:50:00",
        "db": "BID",
        "id": "19024"
      },
      {
        "date": "2007-01-11T18:10:00",
        "db": "BID",
        "id": "19018"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      },
      {
        "date": "2007-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2006-3697"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "19024"
      },
      {
        "db": "BID",
        "id": "19018"
      },
      {
        "db": "PACKETSTORM",
        "id": "48308"
      },
      {
        "db": "PACKETSTORM",
        "id": "48302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-289"
      }
    ],
    "trust": 1.4
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lavasoft Personal Firewall Used in products such as  Agnitum Outpost Firewall Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002819"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "19024"
      },
      {
        "db": "BID",
        "id": "19018"
      }
    ],
    "trust": 0.6
  }
}

GHSA-26Q6-82CC-W6FM

Vulnerability from github – Published: 2022-05-01 07:11 – Updated: 2022-05-01 07:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3697"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-07-21T14:03:00Z",
    "severity": "HIGH"
  },
  "details": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.",
  "id": "GHSA-26q6-82cc-w6fm",
  "modified": "2022-05-01T07:11:38Z",
  "published": "2022-05-01T07:11:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3697"
    },
    {
      "type": "WEB",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21088"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21089"
    },
    {
      "type": "WEB",
      "url": "http://www.ben.goulding.com.au/secad.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/27349"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19018"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19024"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2851"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2852"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0144"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-3697

Vulnerability from fkie_nvd - Published: 2006-07-21 14:03 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21088	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21089	Vendor Advisory
cve@mitre.org	http://www.ben.goulding.com.au/secad.html
cve@mitre.org	http://www.osvdb.org/27349
cve@mitre.org	http://www.securityfocus.com/archive/1/440426/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19018
cve@mitre.org	http://www.securityfocus.com/bid/19024
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2851	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2852	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0144	Vendor Advisory
cve@mitre.org	https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21088	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21089	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ben.goulding.com.au/secad.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27349
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/440426/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19018
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19024
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2851	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2852	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0144	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html

Impacted products

Vendor	Product	Version
agnitum	outpost_firewall	3.51.759.6511
lavasoft	lavasoft_personal_firewall	1.0.543.5722.433
novell	client_firewall	2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:agnitum:outpost_firewall:3.51.759.6511:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D53F7EA-FC12-44AB-8DE8-035E4BD8AE7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lavasoft:lavasoft_personal_firewall:1.0.543.5722.433:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1090AA-5A26-4600-B284-37D714AD28D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:client_firewall:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A29B4A-377D-4264-ABD1-6A14C9BDBC7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall."
    },
    {
      "lang": "es",
      "value": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), tal y como se usa en (1) Lavasoft Personal Firewall 1.0.543.5722 (433) y (2) Novell BorderManager Novell Client Firewall 2.0, no restringe de forma adecuada las actividades de usuario para ganar privilegios y ejecutar comandos (a)a trav\u00e9s de la opci\u00f3n \"abrir carpeta\" cuando una instancia de explorer.exe est\u00e1 funcionando, posiblemente relacionado con la funci\u00f3n API ShellExecute, o (b) a trav\u00e9s de la re-escritura de un fichero de proceso por lotes a trav\u00e9s de la opci\u00f3n \"Guardar configuraci\u00f3n como\". NOTA: esto podr\u00eda estar relacionado con la vulnerabilidad en Microsoft Windows y la instnacia explorer.exe del firewall."
    }
  ],
  "id": "CVE-2006-3697",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-21T14:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21088"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21089"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ben.goulding.com.au/secad.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27349"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19018"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19024"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2851"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2852"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0144"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ben.goulding.com.au/secad.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-3697

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3697

Aliases

CVE-2006-3697

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3697",
    "description": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.",
    "id": "GSD-2006-3697"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3697"
      ],
      "details": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.",
      "id": "GSD-2006-3697",
      "modified": "2023-12-13T01:19:57.127650Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3697",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "21089",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21089"
          },
          {
            "name": "27349",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/27349"
          },
          {
            "name": "19018",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19018"
          },
          {
            "name": "20060716 Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
          },
          {
            "name": "ADV-2007-0144",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0144"
          },
          {
            "name": "19024",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19024"
          },
          {
            "name": "ADV-2006-2851",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2851"
          },
          {
            "name": "ADV-2006-2852",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2852"
          },
          {
            "name": "http://www.ben.goulding.com.au/secad.html",
            "refsource": "MISC",
            "url": "http://www.ben.goulding.com.au/secad.html"
          },
          {
            "name": "21088",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21088"
          },
          {
            "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html",
            "refsource": "CONFIRM",
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lavasoft:lavasoft_personal_firewall:1.0.543.5722.433:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:novell:client_firewall:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:agnitum:outpost_firewall:3.51.759.6511:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3697"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the \"open folder\" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the \"Save Configuration As\" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ben.goulding.com.au/secad.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.ben.goulding.com.au/secad.html"
            },
            {
              "name": "19018",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/19018"
            },
            {
              "name": "19024",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/19024"
            },
            {
              "name": "21088",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21088"
            },
            {
              "name": "21089",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21089"
            },
            {
              "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html"
            },
            {
              "name": "27349",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/27349"
            },
            {
              "name": "ADV-2006-2851",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2851"
            },
            {
              "name": "ADV-2006-2852",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2852"
            },
            {
              "name": "ADV-2007-0144",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0144"
            },
            {
              "name": "20060716 Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/440426/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:48Z",
      "publishedDate": "2006-07-21T14:03Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3697 (GCVE-0-2006-3697)

VAR-200607-0237

GHSA-26Q6-82CC-W6FM

FKIE_CVE-2006-3697

GSD-2006-3697

Tags

Sightings

Nomenclature