ID

VAR-200612-0208


CVE

CVE-2006-6622


TITLE

Soft4Ever LnS vulnerability that allows bypassing the product's controls on a process

Trust: 0.8

sources: JVNDB: JVNDB-2006-001772

DESCRIPTION

Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer.

The following software is vulnerable; other versions may also be affected:

InfoProcess AntiHook version 3.0.0.23
AVG Anti-Virus plus Firewall version 7.5.431
Comodo Personal Firewall version 2.3.6.81
Filseclab Personal Firewall version 3.0.0.8686
Look 'n' Stop Personal Firewall version 2.05p2
Symantec Sygate Personal Firewall version 5.6.2808

These are all very popular firewalls. Multiple host security products contain flaws in how they process user-mode process information, and attackers may use these flaws to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. The flaw allows remote attackers to bypass security checks by spoofing the process, including (1) the image directory name, (2) the command line, and (3) the window title text in the PEB.

Trust: 1.98

sources: NVD: CVE-2006-6622 // JVNDB: JVNDB-2006-001772 // BID: 21615 // VULHUB: VHN-22730

AFFECTED PRODUCTS

vendor: symantec, model: sygate personal firewall, scope: eq, version: 5.6.2808

Trust: 1.9

vendor: infoprocess, model: antihook, scope: eq, version: 3.0.23

Trust: 1.3

vendor: filseclab, model: personal firewall, scope: eq, version: 3.0.8686

Trust: 1.3

vendor: comodo, model: personal firewall, scope: eq, version: 2.3.6.81

Trust: 1.3

vendor: avg, model: antivirus plus firewall, scope: eq, version: 7.5.431

Trust: 1.0

vendor: soft4ever, model: look n stop, scope: eq, version: 2.05p2

Trust: 1.0

vendor: soft4ever, model: look n stop, scope: eq, version: 20061215

Trust: 0.8

vendor: soft4ever, model: look n stop, scope: lt, version: 2.05p2

Trust: 0.8

vendor: look, model: 'n' stop look 'n' stop 2.05p2, scope: -, version: -

Trust: 0.3

vendor: avg, model: anti-virus plus firewall, scope: eq, version: 7.5.431

Trust: 0.3

sources: BID: 21615 // JVNDB: JVNDB-2006-001772 // CNNVD: CNNVD-200612-386 // NVD: CVE-2006-6622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6622
value: HIGH

Trust: 1.0

NVD: CVE-2006-6622
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200612-386
value: HIGH

Trust: 0.6

VULHUB: VHN-22730
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-6622
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22730
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22730 // JVNDB: JVNDB-2006-001772 // CNNVD: CNNVD-200612-386 // NVD: CVE-2006-6622

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6622

THREAT TYPE

local

Trust: 0.9

sources: BID: 21615 // CNNVD: CNNVD-200612-386

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200612-386

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001772

PATCH

title: Top Page, url: http://www.looknstop.com/En/index2.htm

Trust: 0.8

sources: JVNDB: JVNDB-2006-001772

EXTERNAL IDS

db: NVD, id: CVE-2006-6622

Trust: 2.5

db: BID, id: 21615

Trust: 2.0

db: JVNDB, id: JVNDB-2006-001772

Trust: 0.8

db: CNNVD, id: CNNVD-200612-386

Trust: 0.7

db: BUGTRAQ, id: 20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS

Trust: 0.6

db: VULHUB, id: VHN-22730

Trust: 0.1

sources: VULHUB: VHN-22730 // BID: 21615 // JVNDB: JVNDB-2006-001772 // CNNVD: CNNVD-200612-386 // NVD: CVE-2006-6622

REFERENCES

url:http://www.securityfocus.com/bid/21615

Trust: 1.7

url:http://www.wilderssecurity.com/showthread.php?t=158155

Trust: 1.7

url:http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip

Trust: 1.7

url:http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php

Trust: 1.7

url:http://www.securityfocus.com/archive/1/454522/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6622

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6622

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded

Trust: 0.6

url:http://www.infoprocess.com.au/antihook.php

Trust: 0.3

url:http://www.grisoft.com/

Trust: 0.3

url:http://www.comodo.com/

Trust: 0.3

url:http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm&ei=d_6crfdcapuwnqptjcb_&usg=__uqizxyyvwb4dlpaaogel8nftkja=&sig2=riufvoqmxrfqyl4h1bsrzq

Trust: 0.3

url:http://www.symantec.com

Trust: 0.3

url:http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.looknstop.com%2f&ei=m_6crfl8n6cunqp5wef7&usg=__ufqwvzzztduykujwzxq2euu_xna=&sig2=1vrohasxv2wrxkwcut7fua

Trust: 0.3

url:/archive/1/454522

Trust: 0.3

sources: VULHUB: VHN-22730 // BID: 21615 // JVNDB: JVNDB-2006-001772 // CNNVD: CNNVD-200612-386 // NVD: CVE-2006-6622

CREDITS

Matousec http://www.matousec.com/

Trust: 0.6

sources: CNNVD: CNNVD-200612-386

SOURCES

db: VULHUB, id: VHN-22730
db: BID, id: 21615
db: JVNDB, id: JVNDB-2006-001772
db: CNNVD, id: CNNVD-200612-386
db: NVD, id: CVE-2006-6622

LAST UPDATE DATE

2025-04-10T23:18:17.435000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-22730, date: 2018-10-17T00:00:00
db: BID, id: 21615, date: 2006-12-15T21:18:00
db: JVNDB, id: JVNDB-2006-001772, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-386, date: 2007-02-06T00:00:00
db: NVD, id: CVE-2006-6622, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-22730, date: 2006-12-18T00:00:00
db: BID, id: 21615, date: 2006-12-15T00:00:00
db: JVNDB, id: JVNDB-2006-001772, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-386, date: 2006-12-18T00:00:00
db: NVD, id: CVE-2006-6622, date: 2006-12-18T11:28:00