var-200611-0339
Vulnerability from variot
prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration.
To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.
The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.
This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links
Read the full description: http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l
TITLE: Parallels Desktop for Mac Insecure File Permissions
SECUNIA ADVISORY ID: SA22634
VERIFY ADVISORY: http://secunia.com/advisories/22634/
CRITICAL: Less critical
IMPACT: Unknown
WHERE: Local system
SOFTWARE: Parallels Desktop for Mac http://secunia.com/product/12498/
DESCRIPTION: Fabio Pietrosanti has reported a security issue with unknown impact in Parallels Desktop for Mac.
The security issue is caused due to /Library/StartupItems/Parallels/prl_dhcpd creating the file "/Library/Parallels/.dhcpd_configuration" with insecure file permissions (set to 666). Other versions may also be affected.
SOLUTION: Grant only trusted users to affected systems.
PROVIDED AND/OR DISCOVERED BY: Fabio Pietrosanti
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200611-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "parallels",
"version": "build_1940"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "parallels",
"version": "build 1940"
},
{
"model": "desktop parallels build 1940::mac",
"scope": null,
"trust": 0.6,
"vendor": "parallels",
"version": null
},
{
"model": "desktop for mac os build mac",
"scope": "eq",
"trust": 0.3,
"vendor": "parallels",
"version": "x1940"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"db": "BID",
"id": "87399"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002392"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-127"
},
{
"db": "NVD",
"id": "CVE-2006-5817"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:parallels:parallels_desktop",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002392"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87399"
}
],
"trust": 0.3
},
"cve": "CVE-2006-5817",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2006-5817",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2006-8385",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5817",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2006-5817",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2006-8385",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200611-127",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2006-5817",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"db": "VULMON",
"id": "CVE-2006-5817"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002392"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-127"
},
{
"db": "NVD",
"id": "CVE-2006-5817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nParallels Desktop for Mac Insecure File Permissions\n\nSECUNIA ADVISORY ID:\nSA22634\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22634/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nUnknown\n\nWHERE:\nLocal system\n\nSOFTWARE:\nParallels Desktop for Mac\nhttp://secunia.com/product/12498/\n\nDESCRIPTION:\nFabio Pietrosanti has reported a security issue with unknown impact\nin Parallels Desktop for Mac. \n\nThe security issue is caused due to\n/Library/StartupItems/Parallels/prl_dhcpd creating the file\n\"/Library/Parallels/.dhcpd_configuration\" with insecure file\npermissions (set to 666). Other versions may also be affected. \n\nSOLUTION:\nGrant only trusted users to affected systems. \n\nPROVIDED AND/OR DISCOVERED BY:\nFabio Pietrosanti\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5817"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002392"
},
{
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"db": "BID",
"id": "87399"
},
{
"db": "VULMON",
"id": "CVE-2006-5817"
},
{
"db": "PACKETSTORM",
"id": "51690"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5817",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "22634",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002392",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2006-8385",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20061027 PARALLELS DESKTOP FILE PERMISSION NOTICE",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200611-127",
"trust": 0.6
},
{
"db": "BID",
"id": "87399",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2006-5817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "51690",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"db": "VULMON",
"id": "CVE-2006-5817"
},
{
"db": "BID",
"id": "87399"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002392"
},
{
"db": "PACKETSTORM",
"id": "51690"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-127"
},
{
"db": "NVD",
"id": "CVE-2006-5817"
}
]
},
"id": "VAR-200611-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8385"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8385"
}
]
},
"last_update_date": "2024-11-23T23:06:59.116000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Parallels Desktop",
"trust": 0.8,
"url": "http://www.parallels.com/jp/products/desktop/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002392"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5817"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0582.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22634"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5817"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5817"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/87399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/products/48/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12498/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22634/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"db": "VULMON",
"id": "CVE-2006-5817"
},
{
"db": "BID",
"id": "87399"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002392"
},
{
"db": "PACKETSTORM",
"id": "51690"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-127"
},
{
"db": "NVD",
"id": "CVE-2006-5817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"db": "VULMON",
"id": "CVE-2006-5817"
},
{
"db": "BID",
"id": "87399"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002392"
},
{
"db": "PACKETSTORM",
"id": "51690"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-127"
},
{
"db": "NVD",
"id": "CVE-2006-5817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"date": "2006-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2006-5817"
},
{
"date": "2006-11-08T00:00:00",
"db": "BID",
"id": "87399"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002392"
},
{
"date": "2006-11-06T18:07:49",
"db": "PACKETSTORM",
"id": "51690"
},
{
"date": "2006-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-127"
},
{
"date": "2006-11-08T23:07:00",
"db": "NVD",
"id": "CVE-2006-5817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2006-5817"
},
{
"date": "2006-11-08T00:00:00",
"db": "BID",
"id": "87399"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002392"
},
{
"date": "2006-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-127"
},
{
"date": "2024-11-21T00:20:40.490000",
"db": "NVD",
"id": "CVE-2006-5817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "87399"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-127"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mac Build Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8385"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-127"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-127"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…