ID
VAR-200206-0049
CVE
CVE-2002-0349
TITLE
Tiny Personal Firewall Locked terminal is bypassed
Trust: 0.6
DESCRIPTION
Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions. Reportedly, this is possible even if the local system is locked. Allegedly, a user scanning the network could initiate an alert dialogue in the foreground of a locked workstation with the firewall installed. The dialogue box requires the user to either permit or deny input. If the workstation is unattended the local attacker could select permit and enter information to the firewall program, without the legitimate user of the services knowledge. Potentially this issue could allow unauthorized users to modify the Personal Tiny Firewal settings. Suppose a Windows 2000 is installed with Tiny Personal Firewall (2.0.15a), and then locked with ctrl + alt + del. Carry out a network scan to this machine, and a dialog box will pop up on the main console of this machine at this time, waiting for the user to select \"Allow/Forbid\". Even if the machine is locked, this dialog box still pops up. Anyone with physical access to the machine can make choices on this dialog, potentially modifying firewall rules
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | tiny | model: | personal firewall | scope: | eq | version: | 2.0.15 | Trust: 1.9 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
local
Trust: 0.9
TYPE
other
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 4207 | Trust: 2.0 |
| db: | NVD | id: | CVE-2002-0349 | Trust: 2.0 |
| db: | CNNVD | id: | CNNVD-200206-054 | Trust: 0.7 |
| db: | BUGTRAQ | id: | 20020228 ... TINY PERSONAL FIREWALL ... | Trust: 0.6 |
| db: | XF | id: | 8324 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-4742 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/4207 | Trust: 1.7 |
| url: | http://www.iss.net/security_center/static/8324.php | Trust: 1.7 |
| url: | http://marc.info/?l=bugtraq&m=101494587110288&w=2 | Trust: 1.0 |
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=101494587110288&w=2 | Trust: 0.6 |
| url: | http://www.tinysoftware.com/home/tiny?s=7741043568395572227a0&&pg=tpf_summary | Trust: 0.3 |
| url: | http://marc.info/?l=bugtraq&m=101494587110288&w=2 | Trust: 0.1 |
CREDITS
Andrew Barkley※ andrew.barkley@usa.net
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-4742 |
| db: | BID | id: | 4207 |
| db: | CNNVD | id: | CNNVD-200206-054 |
| db: | NVD | id: | CVE-2002-0349 |
LAST UPDATE DATE
2025-04-03T22:30:55.834000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-4742 | date: | 2016-10-18T00:00:00 |
| db: | BID | id: | 4207 | date: | 2009-07-11T10:56:00 |
| db: | CNNVD | id: | CNNVD-200206-054 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2002-0349 | date: | 2025-04-03T01:03:51.193 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-4742 | date: | 2002-06-25T00:00:00 |
| db: | BID | id: | 4207 | date: | 2002-02-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-200206-054 | date: | 2002-02-28T00:00:00 |
| db: | NVD | id: | CVE-2002-0349 | date: | 2002-06-25T04:00:00 |