SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   AOL Vendors:   America Online, Inc.
AOL Client Insecure Default Permissions Lets Local Users Modify Files
SecurityTracker Alert ID:  1016717
SecurityTracker URL:  http://securitytracker.com/id/1016717
CVE Reference:   CVE-2006-0948   (Links to External Site)
Date:  Aug 18 2006
Impact:   Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): AOL 9.0 Security Edition revision 4184.2340
Description:   A vulnerability was reported in AOL. A local user can modify files on the target system.

The AOL client sets the default permissions on the 'America Online 9.0' directory to "Full Control" for the "Everyone" group. This allows local users to delete or modify files in that directory.

The vendor was notified on February 9, 2006.

Carsten Eiram of Secunia Research discovered this vulnerability.

The original advisory is available at:

http://secunia.com/secunia_research/2006-8/advisory/

Impact:   A local user can modify files on the target system.
Solution:   AOL has issued a fix. AOL members using AOL version 9.0 will receive the fix automatically when they login.

AOL members using earlier versions of the AOL client should upgrade to AOL 9.0 Security Edition.

Vendor URL:  www.aol.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC