Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified DoS
2007-07-18T00:00:00
ID KASPERSKY_CHECKPOINT_DOS.NASL Type nessus Reporter Tenable Modified 2016-05-11T00:00:00
Description
The version of Kaspersky Anti-Virus for Check Point FireWall-1 installed on the remote host suffers from an as-yet unspecified issue in which the antivirus kernel may freeze.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(25710);
script_version("$Revision: 1.18 $");
script_cvs_date("$Date: 2016/05/11 13:32:18 $");
script_cve_id("CVE-2007-3906");
script_bugtraq_id(24932);
script_osvdb_id(36127);
script_name(english:"Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified DoS");
script_summary(english:"Checks product version");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an application that is prone to a
denial of service attack.");
script_set_attribute(attribute:"description", value:
"The version of Kaspersky Anti-Virus for Check Point FireWall-1
installed on the remote host suffers from an as-yet unspecified issue
in which the antivirus kernel may freeze.");
script_set_attribute(attribute:"see_also", value:"http://support.kaspersky.com/checkpoint?qid=208279464");
script_set_attribute(attribute:"solution", value:
"Apply Critical Fix 1 for Kaspersky Anti-Virus 5.5 for Check Point
FireWall-1.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:kaspersky_lab:kaspersky_anti-virus");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl");
script_require_keys("SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include("smb_func.inc");
include("smb_activex_func.inc");
include("smb_hotfixes.inc");
include("audit.inc");
if (!get_kb_item("SMB/Registry/Enumerated")) exit(0);
# Find installation path using one of the app's ActiveX controls.
if (activex_init() != ACX_OK) exit(0);
path = NULL;
clsids = make_list(
"{0516825F-D051-4E11-BC1D-A6240791074A}",
"{0C7833BF-CC58-4E22-8A3E-8C60983690D4}"
);
foreach clsid (clsids)
{
file = activex_get_filename(clsid:clsid);
if (file)
{
path = ereg_replace(pattern:"^(.+)\\[^\\]+$", replace:"\1", string:file);
break;
}
}
activex_end();
if (isnull(path)) exit(0);
# Connect to the appropriate share.
name = kb_smb_name();
port = kb_smb_transport();
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');
rc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if (rc != 1)
{
NetUseDel();
exit(0);
}
NetUseDel(close:FALSE);
# Grab the file version of the affected file.
share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:path);
exe = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\Kav4cpf1.exe", string:path);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
if (rc != 1)
{
NetUseDel();
exit(0);
}
fh = CreateFile(
file:exe,
desired_access:GENERIC_READ,
file_attributes:FILE_ATTRIBUTE_NORMAL,
share_mode:FILE_SHARE_READ,
create_disposition:OPEN_EXISTING
);
if (!isnull(fh))
{
ver = GetFileVersion(handle:fh);
CloseFile(handle:fh);
}
NetUseDel();
# Check the version number.
if (!isnull(ver))
{
fix = split("5.5.161.0", sep:'.', keep:FALSE);
for (i=0; i<4; i++)
fix[i] = int(fix[i]);
for (i=0; i<max_index(ver); i++)
if ((ver[i] < fix[i]))
{
version = string(ver[0], ".", ver[1], ".", ver[2], ".", ver[3]);
report = string(
"\n",
"Version ", version, " of Kaspersky Anti-Virus for Check Point FireWall-1 is\n",
"installed under :\n",
"\n",
" ", path
);
security_warning(port:port, extra:report);
break;
}
else if (ver[i] > fix[i])
break;
}
{"id": "KASPERSKY_CHECKPOINT_DOS.NASL", "bulletinFamily": "scanner", "title": "Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified DoS", "description": "The version of Kaspersky Anti-Virus for Check Point FireWall-1 installed on the remote host suffers from an as-yet unspecified issue in which the antivirus kernel may freeze.", "published": "2007-07-18T00:00:00", "modified": "2016-05-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25710", "reporter": "Tenable", "references": ["http://support.kaspersky.com/checkpoint?qid=208279464"], "cvelist": ["CVE-2007-3906"], "type": "nessus", "lastseen": "2017-10-29T13:38:52", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-3906"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The version of Kaspersky Anti-Virus for Check Point FireWall-1 installed on the remote host suffers from an as-yet unspecified issue in which the antivirus kernel may freeze.", "edition": 1, "enchantments": {}, "hash": "838aa365191cf86c3af848469c2ac13b78c6f6049c0ee8dc053d0d3ac2e20b59", "hashmap": [{"hash": "ca543d75e870dac40dd445135845c628", "key": "cvelist"}, {"hash": "2f98c4deb1f1fb7aa0a16013a9f5ee01", "key": "modified"}, {"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "541a7cf36de32236607cc5ae21889a23", "key": "description"}, {"hash": "977c3d4813ec9e89c25e0e0c86b1890c", "key": "published"}, {"hash": "d5fc0f547b6a222c1fb5017b94dadee3", "key": "title"}, {"hash": "9631c3c9b9fb8a491659541e3e297c07", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "25a9ebe975bbaedeae873decb4cd01a9", "key": "pluginID"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "3d22ea803bf4c8f5eea7f2ef9d3a7921", "key": "sourceData"}, {"hash": "194d89b62a82d55d612c1e3bd981f9bb", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25710", "id": "KASPERSKY_CHECKPOINT_DOS.NASL", "lastseen": "2016-09-26T17:24:49", "modified": "2016-05-11T00:00:00", "naslFamily": "Windows", "objectVersion": "1.2", "pluginID": "25710", "published": "2007-07-18T00:00:00", "references": ["http://support.kaspersky.com/checkpoint?qid=208279464"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25710);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:32:18 $\");\n\n script_cve_id(\"CVE-2007-3906\");\n script_bugtraq_id(24932);\n script_osvdb_id(36127);\n\n script_name(english:\"Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified DoS\");\n script_summary(english:\"Checks product version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is prone to a\ndenial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Kaspersky Anti-Virus for Check Point FireWall-1\ninstalled on the remote host suffers from an as-yet unspecified issue\nin which the antivirus kernel may freeze.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.kaspersky.com/checkpoint?qid=208279464\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Critical Fix 1 for Kaspersky Anti-Virus 5.5 for Check Point\nFireWall-1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:kaspersky_lab:kaspersky_anti-virus\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"audit.inc\");\n\n\nif (!get_kb_item(\"SMB/Registry/Enumerated\")) exit(0);\n\n\n# Find installation path using one of the app's ActiveX controls.\nif (activex_init() != ACX_OK) exit(0);\n\npath = NULL;\nclsids = make_list(\n \"{0516825F-D051-4E11-BC1D-A6240791074A}\",\n \"{0C7833BF-CC58-4E22-8A3E-8C60983690D4}\"\n);\nforeach clsid (clsids)\n{\n file = activex_get_filename(clsid:clsid);\n if (file)\n {\n path = ereg_replace(pattern:\"^(.+)\\\\[^\\\\]+$\", replace:\"\\1\", string:file);\n break;\n }\n}\nactivex_end();\nif (isnull(path)) exit(0);\n\n\n# Connect to the appropriate share.\nname = kb_smb_name();\nport = kb_smb_transport();\n\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\n\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\nNetUseDel(close:FALSE);\n\n\n# Grab the file version of the affected file.\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Kav4cpf1.exe\", string:path);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(\n file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n);\nif (!isnull(fh))\n{\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n}\nNetUseDel();\n\n\n# Check the version number.\nif (!isnull(ver))\n{\n fix = split(\"5.5.161.0\", sep:'.', keep:FALSE);\n for (i=0; i<4; i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(ver); i++)\n if ((ver[i] < fix[i]))\n {\n version = string(ver[0], \".\", ver[1], \".\", ver[2], \".\", ver[3]);\n report = string(\n \"\\n\",\n \"Version \", version, \" of Kaspersky Anti-Virus for Check Point FireWall-1 is\\n\",\n \"installed under :\\n\",\n \"\\n\",\n \" \", path\n );\n security_warning(port:port, extra:report);\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n", "title": "Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified DoS", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:49"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "a473cd5d48e0cf7c3e68d8615251ece8"}, {"key": "cvelist", "hash": "ca543d75e870dac40dd445135845c628"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "541a7cf36de32236607cc5ae21889a23"}, {"key": "href", "hash": "194d89b62a82d55d612c1e3bd981f9bb"}, {"key": "modified", "hash": "2f98c4deb1f1fb7aa0a16013a9f5ee01"}, {"key": "naslFamily", "hash": "aea23489ce3aa9b6406ebb28e0cda430"}, {"key": "pluginID", "hash": "25a9ebe975bbaedeae873decb4cd01a9"}, {"key": "published", "hash": "977c3d4813ec9e89c25e0e0c86b1890c"}, {"key": "references", "hash": "9631c3c9b9fb8a491659541e3e297c07"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "3d22ea803bf4c8f5eea7f2ef9d3a7921"}, {"key": "title", "hash": "d5fc0f547b6a222c1fb5017b94dadee3"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "dd161c8824fab5a3198d549c9ea1080a1ac2c54cc8e88aa9526c9618001c04b8", "viewCount": 0, "enchantments": {"vulnersScore": 2.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25710);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:32:18 $\");\n\n script_cve_id(\"CVE-2007-3906\");\n script_bugtraq_id(24932);\n script_osvdb_id(36127);\n\n script_name(english:\"Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified DoS\");\n script_summary(english:\"Checks product version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is prone to a\ndenial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Kaspersky Anti-Virus for Check Point FireWall-1\ninstalled on the remote host suffers from an as-yet unspecified issue\nin which the antivirus kernel may freeze.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.kaspersky.com/checkpoint?qid=208279464\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Critical Fix 1 for Kaspersky Anti-Virus 5.5 for Check Point\nFireWall-1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:kaspersky_lab:kaspersky_anti-virus\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"audit.inc\");\n\n\nif (!get_kb_item(\"SMB/Registry/Enumerated\")) exit(0);\n\n\n# Find installation path using one of the app's ActiveX controls.\nif (activex_init() != ACX_OK) exit(0);\n\npath = NULL;\nclsids = make_list(\n \"{0516825F-D051-4E11-BC1D-A6240791074A}\",\n \"{0C7833BF-CC58-4E22-8A3E-8C60983690D4}\"\n);\nforeach clsid (clsids)\n{\n file = activex_get_filename(clsid:clsid);\n if (file)\n {\n path = ereg_replace(pattern:\"^(.+)\\\\[^\\\\]+$\", replace:\"\\1\", string:file);\n break;\n }\n}\nactivex_end();\nif (isnull(path)) exit(0);\n\n\n# Connect to the appropriate share.\nname = kb_smb_name();\nport = kb_smb_transport();\n\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\n\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\nNetUseDel(close:FALSE);\n\n\n# Grab the file version of the affected file.\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Kav4cpf1.exe\", string:path);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(\n file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n);\nif (!isnull(fh))\n{\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n}\nNetUseDel();\n\n\n# Check the version number.\nif (!isnull(ver))\n{\n fix = split(\"5.5.161.0\", sep:'.', keep:FALSE);\n for (i=0; i<4; i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(ver); i++)\n if ((ver[i] < fix[i]))\n {\n version = string(ver[0], \".\", ver[1], \".\", ver[2], \".\", ver[3]);\n report = string(\n \"\\n\",\n \"Version \", version, \" of Kaspersky Anti-Virus for Check Point FireWall-1 is\\n\",\n \"installed under :\\n\",\n \"\\n\",\n \" \", path\n );\n security_warning(port:port, extra:report);\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n", "naslFamily": "Windows", "pluginID": "25710", "cpe": ["cpe:/a:kaspersky_lab:kaspersky_anti-virus"]}
{"result": {"cve": [{"id": "CVE-2007-3906", "type": "cve", "title": "CVE-2007-3906", "description": "Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role.", "published": "2007-07-19T13:30:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3906", "cvelist": ["CVE-2007-3906"], "lastseen": "2017-07-29T11:22:09"}], "osvdb": [{"id": "OSVDB:36127", "type": "osvdb", "title": "Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified DoS", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:26064](https://secuniaresearch.flexerasoftware.com/advisories/26064/)\nOther Advisory URL: http://support.kaspersky.com/checkpoint?qid=208279464\nISS X-Force ID: 35454\nFrSIRT Advisory: ADV-2007-2561\n[CVE-2007-3906](https://vulners.com/cve/CVE-2007-3906)\nBugtraq ID: 24932\n", "published": "2007-07-17T17:22:07", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:36127", "cvelist": ["CVE-2007-3906"], "lastseen": "2017-04-28T13:20:32"}]}}