Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0023

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0023
Last Modified 07 Mar 2011 12:00:00
Published 07 Feb 2006 09:18:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0023

Summary

Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.

Vulnerable Systems

Operating System

  • Microsoft Windows Xp


References

CERT-VN - VU#953860

MS - MS06-011

SECUNIA - 18756

XF - win-auth-users-insecure-permissions(24463)

CONFIRM - http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=

VUPEN - ADV-2006-0417

BUGTRAQ - 20060131 Windows Access Control Demystified

MISC - http://www.microsoft.com/technet/security/advisory/914457.mspx

MISC - http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

SECTRACK - 1015765

SECTRACK - 1015595

SECUNIA - 19313

SECUNIA - 19238


Last Updated: 27 May 2016 10:41:30