| Vulnerability Name: | CVE-2006-0023 (CCN-24463) | ||||||||||||
| Assigned: | 2005-11-30 | ||||||||||||
| Published: | 2006-02-02 | ||||||||||||
| Updated: | 2018-10-19 | ||||||||||||
| Summary: | Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." Note: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | ||||||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2006-0023 Source: CCN Type: SA18756 Windows Insecure Service Permissions Privilege Escalation Source: SECUNIA Type: Patch, Vendor Advisory 18756 Source: CCN Type: SA19238 Avaya Modular Messaging Windows Privilege Escalation Security Issues Source: SECUNIA Type: Vendor Advisory 19238 Source: CCN Type: SA19313 Nortel Centrex IP Client Manager Windows Privilege Escalation Source: SECUNIA Type: Vendor Advisory 19313 Source: CCN Type: SECTRACK ID: 1015595 Microsoft Windows UPnP/NetBT/SCardSvr/SSDP Services May Be Incorrectly Configured By 3rd Party Applications, Allowing Local Users to Gain Elevated Privileges Source: SECTRACK Type: UNKNOWN 1015595 Source: CCN Type: SECTRACK ID: 1015765 Microsoft Windows Services Have Unsafe Default ACLs That Let Remote Authenticated Users Gain Elevated Privileges Source: SECTRACK Type: UNKNOWN 1015765 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm Source: CCN Type: ASA-2006-069 Windows Security Updates for March 2006 - (MS06-011 MS06-012) Source: CCN Type: Secure Internet Programming laboratory at Princeton University Research Paper - January 31, 2006 Windows Access Control Demystified Source: MISC Type: UNKNOWN http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf Source: CCN Type: US-CERT VU#953860 Microsoft Windows privilege escalation vulnerability Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#953860 Source: CCN Type: Microsoft Security Advisory (914457) Possible Vulnerability in Windows Service ACLs Source: MISC Type: Vendor Advisory http://www.microsoft.com/technet/security/advisory/914457.mspx Source: CCN Type: Microsoft Security Bulletin MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) Source: BUGTRAQ Type: UNKNOWN 20060131 Windows Access Control Demystified Source: VUPEN Type: Vendor Advisory ADV-2006-0417 Source: CCN Type: Nortel Networks Security Advisory 2006006777 Centrex IP Client Manager (CICM) Response to Microsoft March Security Bulletin Source: CONFIRM Type: UNKNOWN http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID= Source: MS Type: UNKNOWN MS06-011 Source: XF Type: UNKNOWN win-auth-users-insecure-permissions(24463) Source: XF Type: UNKNOWN win-auth-users-insecure-permissions(24463) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1671 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1696 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||