SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  AOL Vendors:  America Online, Inc.
AOL Client Insecure Default Permissions Lets Local Users Modify Files
SecurityTracker Alert ID:  1016717
SecurityTracker URL:  http://securitytracker.com/id?1016717
CVE Reference:  CVE-2006-0948   (Links to External Site)
Date:  Aug 18 2006
Impact:  Modification of system information, Modification of user information
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): AOL 9.0 Security Edition revision 4184.2340
Description:  A vulnerability was reported in AOL. A local user can modify files on the target system.

The AOL client sets the default permissions on the 'America Online 9.0' directory to "Full Control" for the "Everyone" group. This allows local users to delete or modify files in that directory.

The vendor was notified on February 9, 2006.

Carsten Eiram of Secunia Research discovered this vulnerability.

The original advisory is available at:

http://secunia.com/secunia_research/2006-8/advisory/
Impact:  A local user can modify files on the target system.
Solution:  AOL has issued a fix. AOL members using AOL version 9.0 will receive the fix automatically when they login.

AOL members using earlier versions of the AOL client should upgrade to AOL 9.0 Security Edition.
Vendor URL:  www.aol.com/ (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Fri, 18 Aug 2006 09:15:01 -0400
Subject:  AOL Insecure Default Directory Permissions

 
 
http://secunia.com/secunia_research/2006-8/advisory/
 
CVE-2006-0948


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2006, SecurityGlobal.net LLC