lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 18 Aug 2006 15:26:15 +0200
From: Jakob Balle <jb@...unia.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Secunia Research: AOL Insecure Default Directory
	Permissions

====================================================================== 

                     Secunia Research 18/08/2006

          - AOL Insecure Default Directory Permissions -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
Vendor Statement.....................................................8
References...........................................................9
About Secunia.......................................................10
Verification........................................................11

====================================================================== 
1) Affected Software 

AOL 9.0 Security Edition revision 4184.2340.

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Less critical 
Impact: Privilege Escalation, Manipulation of Data
Where:  Local System

====================================================================== 
3) Vendor's Description of Software 

Product Link:
http://downloads.channel.aol.com/windowsproducts

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a security issue in AOL, which can be
exploited by malicious, local users to manipulate arbitrary files.

The problem is that AOL sets insecure default permissions (grants 
"Everyone" group "Full Control") on the "America Online 9.0" directory
and all child objects. This can be exploited to remove, manipulate, 
and replace any of the application's files.

====================================================================== 
5) Solution 

The vendor has issued an updated version (see the vendor statement).

====================================================================== 
6) Time Table 

09/02/2006 - Vendor notified.
09/02/2006 - Vendor response.
18/08/2006 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

====================================================================== 
8) Vendor Statement

Overview

AOL has recently been made aware of a local security vulnerability in
the AOL client software.  Upon installation, folders containing the 
AOL software retain local file permissions such that any local user 
may be able to overwrite files within the AOL program directories. 
A malicious user may be able to overwrite legitimate AOL software with
malicious code, thereby escalating their local privileges if a
privileged user were to unknowingly execute the user's software.

Affected Products and Applications

The following AOL software versions are affected by this issue:

* All versions of the AOL client

Solutions

1.  AOL Members using AOL 9.0 may simply log on to AOL and a fix will
be seamlessly applied to their system.

2.  AOL Members using earlier versions of the AOL client are 
recommended to upgrade to AOL 9.0 Security Edition

Acknowledgements

AOL would like to thank Secunia for their assistance in responsibly
addressing this issue.

======================================================================

9) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
candidate number CVE-2006-0948 for the vulnerability.

====================================================================== 
10) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
11) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-08/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ