CVE-2005-0242
CVSS4.6
发布时间 :2005-02-18 00:00:00
修订时间 :2008-09-05 16:45:44
NMCOPS    

[原文]The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.


[CNNVD]Yahoo! Messenger本地不安全默认安装漏洞(CNNVD-200502-068)

        Yahoo! Messenger雅虎通是由全球领先的互联网公司雅虎(Yahoo!)推出的即时聊天工具。
        Yahoo! Messager 6.0.0.1750以及其他可能版本中的音频设置向导(asw.dll),可让攻击者将恶意ping.exe程序放入以较弱默认许可权安装的Messenger程序目录中,以此来执行任意代码。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:yahoo:messenger:5.6Yahoo Messenger 5.6
cpe:/a:yahoo:messenger:6.0Yahoo Messenger 6.0
cpe:/a:yahoo:messenger:5.6.0.1351Yahoo Messenger 5.6.0.1351
cpe:/a:yahoo:messenger:5.5Yahoo Messenger 5.5
cpe:/a:yahoo:messenger:6.0.0.1750Yahoo Messenger 6.0.0.1750

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0242
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0242
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-068
(官方数据源) CNNVD

- 其它链接及资源

http://secunia.com/secunia_research/2004-6/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2004-6/advisory/
http://secunia.com/advisories/11815
(PATCH)  SECUNIA  11815

- 漏洞信息

Yahoo! Messenger本地不安全默认安装漏洞
中危 配置错误
2005-02-18 00:00:00 2005-10-20 00:00:00
本地  
        Yahoo! Messenger雅虎通是由全球领先的互联网公司雅虎(Yahoo!)推出的即时聊天工具。
        Yahoo! Messager 6.0.0.1750以及其他可能版本中的音频设置向导(asw.dll),可让攻击者将恶意ping.exe程序放入以较弱默认许可权安装的Messenger程序目录中,以此来执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Yahoo! Messenger 6.0 .0.1750
        Yahoo! Messenger 6.0 Build 1921
        http://messenger.yahoo.com/

- 漏洞信息 (F36234)

secres18022005-2.txt (PacketStormID:F36234)
2005-02-25 00:00:00
Carsten Eiram  secunia.com
advisory,local
CVE-2005-0242
[点击下载]

Secunia Research Advisory - Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious, local users to gain escalated privileges.

====================================================================== 

                     Secunia Research 18/02/2005

     - Yahoo! Messenger Audio Setup Wizard Privilege Escalation -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

Yahoo! Messenger 6.0.0.1750 (for Windows)

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Less Critical 
Impact: Privilege Escalation
Where:  Local System

====================================================================== 
3) Vendor's Description of Software 

Yahoo! Messenger:
"Yahoo! Messenger is a free instant messaging service that you can 
use to communicate with other people who also use Yahoo! Messenger".
 
Product link:
http://messenger.yahoo.com/

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Yahoo! Messenger, 
which can be exploited by malicious, local users to gain escalated 
privileges.

The vulnerability is caused due to a combination of weak default 
directory permissions and the Audio Setup Wizard (asw.dll) invoking 
the "ping.exe" utility insecurely during the connection testing phase.

This can be exploited to execute arbitrary code with the privileges 
of another user by placing a malicious "ping.exe" file in the 
application's "Messenger" directory.

Successful exploitation requires that a user runs the Audio Setup 
Wizard and that the application has been installed in a non-default 
location (not as a subdirectory to the "Program Files" directory).

====================================================================== 
5) Solution 

Vendor issued a fixed version on February 16, 2005.

====================================================================== 
6) Time Table 

04/01/2005 - Vendor notified.
14/01/2005 - Vendor contacted second time.
17/01/2005 - Vendor response.
16/02/2005 - Vendor issues updated version.
18/02/2005 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
candidate number CAN-2005-0242 for the vulnerability.

====================================================================== 
9) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2004-6/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
    

- 漏洞信息

13929
Yahoo! Messenger Audio Setup Wizard Local Privilege Escalation

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-02-18 2005-01-04
2005-02-18 Unknow

- 解决方案

Upgrade to version 6.0.0.1921 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Yahoo! Messenger Local Insecure Default Installation Vulnerability
Configuration Error 12585
No Yes
2005-02-18 12:00:00 2009-07-12 10:06:00
Carsten Eiram is credited with the discovery of this issue.

- 受影响的程序版本

Yahoo! Messenger 6.0 .0.1750
Yahoo! Messenger 6.0 .0.1643
Yahoo! Messenger 6.0
Yahoo! Messenger 5.6 .0.1358
Yahoo! Messenger 5.6 .0.1356
Yahoo! Messenger 5.6 .0.1355
Yahoo! Messenger 5.6 .0.1351
Yahoo! Messenger 5.6 .0.1347
Yahoo! Messenger 5.6
Yahoo! Messenger 5.5 .1249
Yahoo! Messenger 5.5
Yahoo! Messenger 5.0 .1232
Yahoo! Messenger 5.0 .1065
Yahoo! Messenger 5.0 .1046
Yahoo! Messenger 5.0
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
Yahoo! Messenger 6.0 .0.1921

- 不受影响的程序版本

Yahoo! Messenger 6.0 .0.1921

- 漏洞讨论

A local insecure default installation vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to properly secure directories and executables when installation takes place.

A local attacker may leverage this issue to have arbitrary code executed with the privileges of an unsuspecting user; this may facilitate privileges escalation.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案

The vendor has released an upgrade dealing with this issue.


Yahoo! Messenger 5.0 .1065

Yahoo! Messenger 5.0 .1046

Yahoo! Messenger 5.0

Yahoo! Messenger 5.0 .1232

Yahoo! Messenger 5.5

Yahoo! Messenger 5.5 .1249

Yahoo! Messenger 5.6 .0.1358

Yahoo! Messenger 5.6

Yahoo! Messenger 5.6 .0.1347

Yahoo! Messenger 5.6 .0.1351

Yahoo! Messenger 5.6 .0.1356

Yahoo! Messenger 5.6 .0.1355

Yahoo! Messenger 6.0 .0.1643

Yahoo! Messenger 6.0

Yahoo! Messenger 6.0 .0.1750

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站