Details of VAR-200212-0571

ID

VAR-200212-0571

CVE

CVE-2002-1695

TITLE

Multiple vendor products allow non-privileged users to modify log file vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200212-649

DESCRIPTION

Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. This is due to the default file system permissions in Windows. Unprivileged users could modify the log file using a File Open Dialog with Win32 API call. The following are the default permissions on the log files folder: Administrators: Full Control Everyone: Change (RWXD) IUSR_ ComputerName : Full Control System: Full Control

Trust: 1.17

sources: NVD: CVE-2002-1695 // BID: 3888

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.0
vendor:	symantec	model:	norton internet security	scope:	eq	version:	2001	Trust: 1.0
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	symantec	model:	norton internet security	scope:	eq	version:	20010	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 3888 // CNNVD: CNNVD-200212-649 // NVD: CVE-2002-1695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1695
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-649
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2002-1695
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200212-649 // NVD: CVE-2002-1695

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-649

TYPE

Design Error

Trust: 0.9

sources: BID: 3888 // CNNVD: CNNVD-200212-649

EXTERNAL IDS

db:	BID	id:	3888	Trust: 1.9
db:	NVD	id:	CVE-2002-1695	Trust: 1.6
db:	NSFOCUS	id:	2160	Trust: 0.6
db:	XF	id:	7919	Trust: 0.6
db:	CNNVD	id:	CNNVD-200212-649	Trust: 0.6

sources: BID: 3888 // CNNVD: CNNVD-200212-649 // NVD: CVE-2002-1695

REFERENCES

url:	http://www.securityfocus.com/bid/3888	Trust: 2.6
url:	http://online.securityfocus.com/archive/1/250591	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7919	Trust: 2.0
url:	http://xforce.iss.net/xforce/xfdb/7919	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/2160	Trust: 0.6
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/iis4cl.asp	Trust: 0.3
url:	http://www.microsoft.com/technet/security	Trust: 0.3
url:	http://www.symantec.com/sabu/nis/nis_pe/	Trust: 0.3
url:	http://support.microsoft.com/default.aspx?scid=kb;en-us;q315986	Trust: 0.3

sources: BID: 3888 // CNNVD: CNNVD-200212-649 // NVD: CVE-2002-1695

CREDITS

Information Anarchy 2K01※ advisories@nmrc.org

Trust: 0.6

sources: CNNVD: CNNVD-200212-649

SOURCES

db:	BID	id:	3888
db:	CNNVD	id:	CNNVD-200212-649
db:	NVD	id:	CVE-2002-1695

LAST UPDATE DATE

2024-11-22T22:48:44.621000+00:00

SOURCES UPDATE DATE

db:	BID	id:	3888	date:	2002-01-16T00:00:00
db:	CNNVD	id:	CNNVD-200212-649	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1695	date:	2024-11-20T23:41:54.180

SOURCES RELEASE DATE

db:	BID	id:	3888	date:	2002-01-16T00:00:00
db:	CNNVD	id:	CNNVD-200212-649	date:	2002-01-16T00:00:00
db:	NVD	id:	CVE-2002-1695	date:	2002-12-31T05:00:00