CVE-2006-4184

SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.protect-me.com/dl/whatsnew.html
http://www.securityfocus.com/bid/19500	Patch
http://secunia.com/advisories/21494	Patch Vendor Advisory
http://securityreason.com/securityalert/1392
https://exchange.xforce.ibmcloud.com/vulnerabilities/28384
http://www.securityfocus.com/archive/1/443193/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:smartline:devicelock:5.73_build_303:::::::*
	cpe:2.3:a:smartline:devicelock:5.73_build_288:::::::*
	cpe:2.3:a:smartline:devicelock:5.73_build_300:::::::*
	cpe:2.3:a:smartline:devicelock:5.72:::::::*

Information

Published : 2006-08-16 17:04

Updated : 2018-10-17 14:33

NVD link : CVE-2006-4184

Mitre link : CVE-2006-4184

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

smartline

devicelock

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.protect-me.com/dl/whatsnew.html", "name": "http://www.protect-me.com/dl/whatsnew.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/19500", "name": "19500", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/21494", "name": "21494", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/1392", "name": "1392", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28384", "name": "devicelock-acl-security-bypass(28384)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/443193/100/0/threaded", "name": "20060813 Local privilege Escalation in SmartLine DeviceLock 5.73", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4184", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-08-17T00:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:smartline:devicelock:5.73_build_303:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:smartline:devicelock:5.73_build_288:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:smartline:devicelock:5.73_build_300:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:smartline:devicelock:5.72:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:33Z"}