CVE: CVE-2006-0023

Descrizione: Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka “Permissive Windows Services DACLs.” NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.

Vettore di attacco

Riferimenti esterni

• http://secunia.com/advisories/19313
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671
• http://securitytracker.com/id?1015765
• http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
• http://secunia.com/advisories/19238
• http://www.securityfocus.com/archive/1/423587/100/0/threaded
• http://www.kb.cert.org/vuls/id/953860
• http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=
• http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24463
• http://secunia.com/advisories/18756
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696
• http://www.microsoft.com/technet/security/advisory/914457.mspx
• http://securitytracker.com/id?1015595
• http://www.vupen.com/english/advisories/2006/0417

Prodotti interessati

• n/a – n/a

Relazioni con altri prodotti

Nessun prodotto trovato per il CVE: cve-2006-0023