CVE-2006-4855
Gravedad CVSS v2.0:
MEDIA
Tipo:
CWE-399
Error en la gestión de recursos
Fecha de publicación:
19/09/2006
Última modificación:
03/04/2025
Descripción
El driver \Device\SymEvent en Symantec Norton Personal Firewall 2006 9.1.0.33, y otras versiones del Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, y 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0 y 10.1, Symantec pcAnywhere 11.5 y Symantec Host, permite a usuarios locales provocar una denegación de servicio (caída del sistema) vía una información inválida, como ha sido demostrado llamando a DeviceIoControl para enviar la información.
Impacto
Puntuación base 2.0
4.90
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.0_b8.01.9378:*:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.425a:mr1:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.429c:mr2:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.501:mr9:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.0_build_8.01.9374:*:*:*:*:*:*:* | ||
| cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://secunia.com/advisories/21938
- http://securityreason.com/securityalert/1591
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html
- http://securitytracker.com/id?1016889=
- http://securitytracker.com/id?1016892=
- http://securitytracker.com/id?1016893=
- http://securitytracker.com/id?1016894=
- http://securitytracker.com/id?1016895=
- http://securitytracker.com/id?1016896=
- http://securitytracker.com/id?1016897=
- http://securitytracker.com/id?1016898=
- http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php
- http://www.securityfocus.com/archive/1/446111/100/0/threaded
- http://www.securityfocus.com/bid/20051
- http://www.vupen.com/english/advisories/2006/3636
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28960
- http://secunia.com/advisories/21938
- http://securityreason.com/securityalert/1591
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html
- http://securitytracker.com/id?1016889=
- http://securitytracker.com/id?1016892=
- http://securitytracker.com/id?1016893=
- http://securitytracker.com/id?1016894=
- http://securitytracker.com/id?1016895=
- http://securitytracker.com/id?1016896=
- http://securitytracker.com/id?1016897=
- http://securitytracker.com/id?1016898=
- http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php
- http://www.securityfocus.com/archive/1/446111/100/0/threaded
- http://www.securityfocus.com/bid/20051
- http://www.vupen.com/english/advisories/2006/3636
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28960