Vulnerability CVE-2005-2932
Published: 2005-12-31   Modified: 2012-02-12

Description:
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Checkpoint -> Zonealarm 
Checkpoint -> Zonealarm security suite 

 References:
http://xforce.iss.net/xforce/xfdb/36110
http://www.vupen.com/english/advisories/2007/2929
http://www.securityfocus.com/bid/25377
http://www.securityfocus.com/bid/25365
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53
http://securitytracker.com/id?1018588
http://secunia.com/advisories/26513
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584
Copyright 2024, cxsecurity.com

 

Back to Top