Vulnerability CVE-2007-1793 - CERT Civis.Net

Vulnerability Name:

CVE-2007-1793 (CCN-33352)

Assigned:

2007-04-01

Published:

2007-04-01

Updated:

2018-10-16

Summary:

SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions.
Note: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.

CVSS v3 Severity:

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.9 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2007-1793

Source: OSVDB
Type: UNKNOWN
34692

Source: CCN
Type: SA24677
Symantec Norton Personal Firewall Hooked Functions Denial of Service

Source: SECUNIA
Type: Vendor Advisory
24677

Source: CCN
Type: SYM08-022
Symantec SPBBCDRV.SYS Device Driver Local Denial of Service

Source: CONFIRM
Type: UNKNOWN
http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html

Source: CCN
Type: SECTRACK ID: 1017837
Norton Personal Firewall `SPBBCDrv.sys` Driver Lets Local Users Deny Service and Potentially Gain Elevated Privileges

Source: CCN
Type: SECTRACK ID: 1017838
Norton Internet Security `SPBBCDrv.sys` Driver Lets Local Users Deny Service and Potentially Gain Elevated Privileges

Source: CCN
Type: SECTRACK ID: 1021386
Norton AntiSpam Input Validation Flaw in SPBBCDRV.SYS Device Driver Lets Local Users Deny Service

Source: CCN
Type: SECTRACK ID: 1021387
Norton System Works Input Validation Flaw in SPBBCDRV.SYS Device Driver Lets Local Users Deny Service

Source: CCN
Type: SECTRACK ID: 1021388
Symantec Client Security Input Validation Flaw in SPBBCDRV.SYS Device Driver Lets Local Users Deny Service

Source: CCN
Type: SECTRACK ID: 1021389
Symantec AntiVirus Corporate Edition Input Validation Flaw in SPBBCDRV.SYS Device Driver Lets Local Users Deny Service

Source: CCN
Type: Matousec Transparent Security Advisory 2007-04-01.01
Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability

Source: MISC
Type: Vendor Advisory
http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

Source: MISC
Type: UNKNOWN
http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php

Source: MISC
Type: UNKNOWN
http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

Source: CCN
Type: OSVDB ID: 34692
Symantec Norton Personal Firewall SPBBCDrv.sys Hooked SSDT Functions Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 45897
Symantec Norton Internet Security SSDT Hooks Local Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070918 Plague in (security) software drivers & BSDOhook utility

Source: BID
Type: Exploit
23241

Source: CCN
Type: BID-23241
Symantec Multiple Products SPBBCDrv Driver Local Denial of Service Vulnerability

Source: SECTRACK
Type: Patch
1017837

Source: SECTRACK
Type: Patch
1017838

Source: SECTRACK
Type: UNKNOWN
1021386

Source: SECTRACK
Type: UNKNOWN
1021387

Source: SECTRACK
Type: UNKNOWN
1021388

Source: SECTRACK
Type: UNKNOWN
1021389

Source: CCN
Type: Symantec Norton Personal Firewall Web site
null: Overview - Symantec Corp.

Source: VUPEN
Type: Vendor Advisory
ADV-2007-1192

Source: XF
Type: UNKNOWN
symantec-firewall-ssdt-dos(33352)

Source: XF
Type: UNKNOWN
symantec-firewall-ssdt-dos(33352)

Vulnerable Configuration:

Configuration 1:

cpe:/a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.1.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2.2:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.3:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.4:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.5:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.6:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.7:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.8:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.9:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.394:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.396:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.400:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.401:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_360:1.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antispam:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antispam:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006_9.1.1.7:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:2006:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antispam:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:2006:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antispam:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_360:1.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.394:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.396:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.400:*:*:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0::corporate:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_system_works:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006_9.1.1.7:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:3.1.401:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006_9.1.1.7:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.1::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.3::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.4::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.5::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.6::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.7::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.8::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.9::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2.1::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2.2::corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.1.1::corporate:*:*:*:*:*

Denotes that component is vulnerable