Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

-Advisory- | [Thu Mar 16 14:30:25 EST 2006] | Local Privilege Escalation Vulnerability in Dantz Retrospect

From: admin () westdene net <admin () westdene net>
Date: Thu, 16 Mar 2006 19:30:31 +0000 (GMT)



-Advisory- | [Thu Mar 16 14:30:25 EST 2006] | Local Privilege Escalation Vulnerability in Dantz Retrospect




+++++++++++++++++++++++++++++++++++++++++++++++++
1. Background
+++++++++++++++++++++++++++++++++++++++++++++++++
There was no background.
+++++++++++++++++++++++++++++++++++++++++++++++++
2. Description
+++++++++++++++++++++++++++++++++++++++++++++++++
Dantz Retrospect incorrectly validates user input, making privilege escalation possible.

+++++++++++++++++++++++++++++++++++++++++++++++++
3. Workaround
+++++++++++++++++++++++++++++++++++++++++++++++++
There has had been no workarounds on the issue at hand.
+++++++++++++++++++++++++++++++++++++++++++++++++
4. Vendor Response
+++++++++++++++++++++++++++++++++++++++++++++++++
Dantz Retrospect had presented no explanation regarding the vulnerability.
+++++++++++++++++++++++++++++++++++++++++++++++++
5. CVE Information
+++++++++++++++++++++++++++++++++++++++++++++++++
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-702155 to this issue

+++++++++++++++++++++++++++++++++++++++++++++++++
Appendix A Vendor Information
+++++++++++++++++++++++++++++++++++++++++++++++++
http://www.dantz.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: