Vulnerability Name: | CVE-2006-2856 (CCN-26915) | ||||||||
Assigned: | 2006-06-05 | ||||||||
Published: | 2006-06-05 | ||||||||
Updated: | 2017-07-20 | ||||||||
Summary: | ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. Note: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||||||
CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2006-2856 Source: CCN Type: SA20328 ActivePerl sitecustomize.pl Privilege Escalation Source: SECUNIA Type: Vendor Advisory 20328 Source: CCN Type: ActiveState Web site ActiveState - ActivePerl free Perl open source binary language distribution Source: OSVDB Type: UNKNOWN 25974 Source: CCN Type: OSVDB ID: 25974 ActivePerl sitecustomize.pl Local Privilege Escalation Source: BID Type: UNKNOWN 18269 Source: CCN Type: BID-18269 ActiveState ActivePerl Local Privilege Escalation Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-2140 Source: XF Type: UNKNOWN activeperl-sitecustomize-code-execution(26915) Source: XF Type: UNKNOWN activeperl-sitecustomize-code-execution(26915) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |