Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2554

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-2554
Last Modified 07 Mar 2011 09:24:40
Published 12 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2554

Summary

The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.

Vulnerable Systems

Application

  • Network Associates Epolicy Orchestrator Agent 3.5.0 %28patch 3%29


References

VUPEN - ADV-2005-1402

FULLDISC - 20050811 Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3)

XF - epolicy-orchestrator-gain-privileges(21839)

BID - 14549

OSVDB - 18735

SECUNIA - 16410

MISC - http://reedarvin.thearvins.com/20050811-01.html

CONFIRM - http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml


Last Updated: 27 May 2016 10:40:34