Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0066

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0066
Last Modified 10 Sep 2008 03:11:14
Published 22 Apr 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0066

Summary

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.

Vulnerable Systems

Application

  • Bindview Netrc 1.0

  • Bindview Netrc 3.06

  • Funk Software Proxy 3.0

  • Funk Software Proxy 3.06

  • Funk Software Proxy 3.09


References

BINDVIEW - 20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x

BID - 4460

XF - funk-proxy-named-pipe(8793)


Last Updated: 27 May 2016 10:36:46