Lucene search

MitreCVE-2005-0114

HistoryFeb 11, 2005 - 5:00 a.m.

CVE-2005-0114

2005-02-1105:00:00

mitre

web.nvd.nist.gov

zonealarm

check point

vsdatant.sys

ntconnectport

memory address

denial of service

cve-2005-0114

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.

Affected configurations

Nvd

Node

checkpointcheck_point_integrity_clientRange≤5.1.556.166

checkpointcheck_point_integrity_clientMatch4.5.122.000

zonelabszonealarmMatch5.5.062.011

zonelabszonealarm_wireless_securityRange≤5.5.080.000

VendorProductVersionCPE
checkpointcheck_point_integrity_client*cpe:2.3:a:checkpoint:check_point_integrity_client:*:*:*:*:*:*:*:*
checkpointcheck_point_integrity_client4.5.122.000cpe:2.3:a:checkpoint:check_point_integrity_client:4.5.122.000:*:*:*:*:*:*:*
zonelabszonealarm5.5.062.011cpe:2.3:a:zonelabs:zonealarm:5.5.062.011:*:*:*:*:*:*:*
zonelabszonealarm_wireless_security*cpe:2.3:a:zonelabs:zonealarm_wireless_security:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
checkpoint	check_point_integrity_client	*	cpe:2.3:a:checkpoint:check_point_integrity_client::::::::
checkpoint	check_point_integrity_client	4.5.122.000	cpe:2.3:a:checkpoint:check_point_integrity_client:4.5.122.000:::::::*
zonelabs	zonealarm	5.5.062.011	cpe:2.3:a:zonelabs:zonealarm:5.5.062.011:::::::*
zonelabs	zonealarm_wireless_security	*	cpe:2.3:a:zonelabs:zonealarm_wireless_security::::::::

References

download.zonelabs.com/bin/free/securityAlert/19.html

secunia.com/advisories/14256

www.idefense.com/application/poi/display?id=199&type=vulnerabilities

www.securityfocus.com/bid/12531

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-0114