Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0948

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-0948
Last Modified 07 Mar 2011 09:31:25
Published 21 Aug 2006 02:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0948

Summary

AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.

Vulnerable Systems

Application

  • Aol 9.0 4184.2340


References

XF - aol-default-insecure-permissions(28445)

BID - 19583

SECTRACK - 1016717

SECUNIA - 18734

VUPEN - ADV-2006-3317

BUGTRAQ - 20060818 Secunia Research: AOL Insecure Default Directory Permissions

OSVDB - 27995

SREASON - 1416

MISC - http://secunia.com/secunia_research/2006-08


Last Updated: 27 May 2016 10:41:52