Vulnerability Name: CVE-2007-2174 (CCN-33786)
Assigned: 2007-04-20
Published: 2007-04-20
Updated: 2018-10-16
Summary: The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.
CVSS v3 Severity:
  - 8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
  - 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
  - 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  - 5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
  - Source: CCN Type: BugTraq Mailing List, Mon Apr 23 2007 - 07:40:24 CDT [Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation
  - Source: MITRE Type: CNA CVE-2007-2174
  - Source: IDEFENSE Type: Vendor Advisory 20070420 Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability
  - Source: CCN Type: SA24986 ZoneAlarm Products SRESCAN.SYS IOCTL Handler Privilege Escalation
  - Source: SECUNIA Type: Patch, Vendor Advisory 24986
  - Source: CCN Type: SECTRACK ID: 1017948 ZoneAlarm `srescan.sys` Driver Lets Local Users Gain System Privileges
  - Source: CCN Type: SECTRACK ID: 1017953 Sun Cluster Remote USCSICMD IOCTL Processing Bug Lets Remote Authenticated Users Deny Service
  - Source: CCN Type: OSVDB ID: 35238 ZoneAlarm Spyware Removal Engine (SRE) srescan.sys IOCTL Handling Local Privilege Escalation
  - Source: BUGTRAQ Type: UNKNOWN 20070423 [Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation
  - Source: BID Type: UNKNOWN 23579
  - Source: CCN Type: BID-23579 Check Point Zone Alarm Srescan.SYS Multiple Local Privilege Escalation Vulnerabilities
  - Source: SECTRACK Type: UNKNOWN 1017948
  - Source: SECTRACK Type: UNKNOWN 1017953
  - Source: VUPEN Type: UNKNOWN ADV-2007-1491
  - Source: CCN Type: Check Point ZoneAlarm Web site Check Point ZoneAlarm - Internet security products, online safety, software, protection
  - Source: XF Type: UNKNOWN zonealarm-srescan-privilege-escalation(33786)
  - Source: CCN Type: iDefense Security Advisory 04.20.07 Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable