ID CVE-2006-5808 Type cve Reporter NVD Modified 2017-07-19T21:33:59
Description
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".
{"result": {"osvdb": [{"lastseen": "2017-04-28T13:20:26", "references": [], "description": "## Vulnerability Description\nCisco Secure Desktop contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the Web VPN product is installed on a NTFS formatted drive, and permissions are set to full control for all users. Several executable run with System privileges, and are easily replaced. This flaw may lead to a loss of integrity.\n## Solution Description\nUpgrade to version 3.1.1.45 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCisco Secure Desktop contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the Web VPN product is installed on a NTFS formatted drive, and permissions are set to full control for all users. Several executable run with System privileges, and are easily replaced. This flaw may lead to a loss of integrity.\n## References:\nVendor URL: http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml\nVendor URL: http://www.cisco.com\n[Secunia Advisory ID:22747](https://secuniaresearch.flexerasoftware.com/advisories/22747/)\n[Related OSVDB ID: 30306](https://vulners.com/osvdb/OSVDB:30306)\n[Related OSVDB ID: 30307](https://vulners.com/osvdb/OSVDB:30307)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0132.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0120.html\nISS X-Force ID: 30128\nFrSIRT Advisory: ADV-2006-4409\n[CVE-2006-5808](https://vulners.com/cve/CVE-2006-5808)\nBugtraq ID: 20964\n", "edition": 1, "reporter": "titon(titon@bastardlabs.com)", "published": "2006-11-08T10:18:47", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Cisco Secure Desktop (CSD) Installation Permission Weakness Local Privilege Escalation", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [{"name": "Secure Desktop", "version": "3.1.1.33", "operator": "eq"}], "cvelist": ["CVE-2006-5808"], "modified": "2006-11-08T10:18:47", "href": "https://vulners.com/osvdb/OSVDB:30308", "id": "OSVDB:30308", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cisco": [{"lastseen": "2017-09-26T15:34:18", "_object_types": ["robots.models.cisco.CiscoBulletin", "robots.models.base.Bulletin"], "enchantments_done": [], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20061108-csd"], "description": "", "reporter": "Cisco", "published": "2006-11-08T16:00:00", "title": "Multiple Vulnerabilities in Cisco Secure Desktop", "type": "cisco", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Secure Desktop", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2006-5806", "CVE-2006-5807", "CVE-2006-5808"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2006-11-08T16:00:00", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20061108-csd", "id": "CISCO-SA-20061108-CSD", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}}
