CVE-2006-3074

Sažetak

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.

Reference

http://secunia.com/advisories/20629
http://secunia.com/advisories/25603
http://uninformed.org/index.cgi?v=4&a=4&p=4
http://uninformed.org/index.cgi?v=4&a=4&p=7
http://www.kaspersky.com/technews?id=203038695
http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php
http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15
http://www.rootkit.com/newsread.php?newsid=726
http://www.securityfocus.com/archive/1/471453/100/0/threaded
http://www.securityfocus.com/bid/18341
http://www.securityfocus.com/bid/24491
http://www.securitytracker.com/id?1018257
http://www.vupen.com/english/advisories/2006/2333
http://www.vupen.com/english/advisories/2007/2145
https://exchange.xforce.ibmcloud.com/vulnerabilities/27104
https://exchange.xforce.ibmcloud.com/vulnerabilities/34875

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:45

Objavljeno

19-06-2006 - 10:02