ID

VAR-200611-0339


CVE

CVE-2006-5817


TITLE

Mac Build Security Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-8385 // CNNVD: CNNVD-200611-127

DESCRIPTION

prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration.

----------------------------------------------------------------------

TITLE: Parallels Desktop for Mac Insecure File Permissions

SECUNIA ADVISORY ID: SA22634

VERIFY ADVISORY: http://secunia.com/advisories/22634/

CRITICAL: Less critical

IMPACT: Unknown

WHERE: Local system

SOFTWARE: Parallels Desktop for Mac http://secunia.com/product/12498/

DESCRIPTION: Fabio Pietrosanti has reported a security issue with unknown impact in Parallels Desktop for Mac. The security issue is caused due to /Library/StartupItems/Parallels/prl_dhcpd creating the file "/Library/Parallels/.dhcpd_configuration" with insecure file permissions (set to 666). Other versions may also be affected.

SOLUTION: Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY: Fabio Pietrosanti

Trust: 2.61

sources: NVD: CVE-2006-5817 // JVNDB: JVNDB-2006-002392 // CNVD: CNVD-2006-8385 // BID: 87399 // VULMON: CVE-2006-5817 // PACKETSTORM: 51690

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-8385

AFFECTED PRODUCTS

vendor: parallels | model: desktop | scope: eq | version: build_1940

Trust: 1.6

vendor: parallels | model: desktop | scope: eq | version: build 1940

Trust: 0.8

vendor: parallels | model: desktop parallels build 1940::mac | scope: - | version: -

Trust: 0.6

vendor: parallels | model: desktop for mac os build mac | scope: eq | version: x1940

Trust: 0.3

sources: CNVD: CNVD-2006-8385 // BID: 87399 // JVNDB: JVNDB-2006-002392 // CNNVD: CNNVD-200611-127 // NVD: CVE-2006-5817

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5817
value: LOW

Trust: 1.0

NVD: CVE-2006-5817
value: LOW

Trust: 0.8

CNVD: CNVD-2006-8385
value: LOW

Trust: 0.6

CNNVD: CNNVD-200611-127
value: LOW

Trust: 0.6

VULMON: CVE-2006-5817
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2006-5817
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2006-8385
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-8385 // VULMON: CVE-2006-5817 // JVNDB: JVNDB-2006-002392 // CNNVD: CNNVD-200611-127 // NVD: CVE-2006-5817

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5817

THREAT TYPE

local

Trust: 0.9

sources: BID: 87399 // CNNVD: CNNVD-200611-127

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200611-127

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002392

PATCH

title: Parallels Desktop | url: http://www.parallels.com/jp/products/desktop/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002392

EXTERNAL IDS

db: NVD | id: CVE-2006-5817

Trust: 3.4

db: SECUNIA | id: 22634

Trust: 1.8

db: JVNDB | id: JVNDB-2006-002392

Trust: 0.8

db: CNVD | id: CNVD-2006-8385

Trust: 0.6

db: FULLDISC | id: 20061027 PARALLELS DESKTOP FILE PERMISSION NOTICE

Trust: 0.6

db: CNNVD | id: CNNVD-200611-127

Trust: 0.6

db: BID | id: 87399

Trust: 0.4

db: VULMON | id: CVE-2006-5817

Trust: 0.1

db: PACKETSTORM | id: 51690

Trust: 0.1

sources: CNVD: CNVD-2006-8385 // VULMON: CVE-2006-5817 // BID: 87399 // JVNDB: JVNDB-2006-002392 // PACKETSTORM: 51690 // CNNVD: CNNVD-200611-127 // NVD: CVE-2006-5817

REFERENCES

url:http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0582.html

Trust: 2.0

url:http://secunia.com/advisories/22634

Trust: 1.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5817

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5817

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://www.securityfocus.com/bid/87399

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://corporate.secunia.com/products/48/?r=l

Trust: 0.1

url:http://secunia.com/product/12498/

Trust: 0.1

url:http://secunia.com/advisories/22634/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/15/?r=l

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2006-8385 // VULMON: CVE-2006-5817 // BID: 87399 // JVNDB: JVNDB-2006-002392 // PACKETSTORM: 51690 // CNNVD: CNNVD-200611-127 // NVD: CVE-2006-5817

CREDITS

Unknown

Trust: 0.3

sources: BID: 87399

SOURCES

db: CNVD | id: CNVD-2006-8385
db: VULMON | id: CVE-2006-5817
db: BID | id: 87399
db: JVNDB | id: JVNDB-2006-002392
db: PACKETSTORM | id: 51690
db: CNNVD | id: CNNVD-200611-127
db: NVD | id: CVE-2006-5817

LAST UPDATE DATE

2024-08-14T15:25:30.628000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2006-8385 | date: 2006-11-08T00:00:00
db: VULMON | id: CVE-2006-5817 | date: 2008-09-05T00:00:00
db: BID | id: 87399 | date: 2006-11-08T00:00:00
db: JVNDB | id: JVNDB-2006-002392 | date: 2012-09-25T00:00:00
db: CNNVD | id: CNNVD-200611-127 | date: 2006-11-16T00:00:00
db: NVD | id: CVE-2006-5817 | date: 2008-09-05T21:13:11.557

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2006-8385 | date: 2006-11-08T00:00:00
db: VULMON | id: CVE-2006-5817 | date: 2006-11-08T00:00:00
db: BID | id: 87399 | date: 2006-11-08T00:00:00
db: JVNDB | id: JVNDB-2006-002392 | date: 2012-09-25T00:00:00
db: PACKETSTORM | id: 51690 | date: 2006-11-06T18:07:49
db: CNNVD | id: CNNVD-200611-127 | date: 2006-11-08T00:00:00
db: NVD | id: CVE-2006-5817 | date: 2006-11-08T23:07:00