CVE-2005-2554 Information

Description

The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the \Common Framework\Db\ folder which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.

Reference

http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml http://lists.virus.org/full-disclosure-0508/msg00376.html http://reedarvin.thearvins.com/20050811-01.html http://secunia.com/advisories/16410 http://www.osvdb.org/18735 http://www.securityfocus.com/bid/14549 http://www.vupen.com/english/advisories/2005/1402 https://exchange.xforce.ibmcloud.com/vulnerabilities/21839