FKIE_CVE-2007-2950

Vulnerability from fkie_nvd - Published: 2007-07-23 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
References
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/25354Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/25374Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/25379Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2007-58/advisory/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2007-59/advisory/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2007-60/advisory/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/25000
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2007/2599
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2007/2600
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2007/2603
PSIRT-CNA@flexerasoftware.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/35562
PSIRT-CNA@flexerasoftware.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/35563
PSIRT-CNA@flexerasoftware.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/35564
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25354Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25374Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25379Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2007-58/advisory/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2007-59/advisory/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2007-60/advisory/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25000
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2599
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2600
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2603
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35562
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35563
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35564
Impacted products
Vendor Product Version
centennial discovery 2006_featurepack1
numara asset_manager 8.0
centennial discovery 2006_featurepack1
symantec discovery 6.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:centennial:discovery:2006_featurepack1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9336740-2AB3-4189-8EDE-3D12A3AFDB57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:numara:asset_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8AE39DA-388A-414F-B58A-B7B0E9B4FC12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:centennial:discovery:2006_featurepack1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9336740-2AB3-4189-8EDE-3D12A3AFDB57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:discovery:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8679A66E-0AEB-42E3-938D-E7AEC74A6C62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges."
    },
    {
      "lang": "es",
      "value": "Centennial Discovery 2006 Feature Pack 1, el cual es usado por (1) Numara Asset Manager 8.0 y (2) Symantec Discovery 6.5, utiliza permisos no seguros sobre ciertos directorios, el cual permite a usuarios locales ganar privilegios."
    }
  ],
  "id": "CVE-2007-2950",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-23T16:30:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25354"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25374"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25379"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-58/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-59/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-60/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/25000"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2007/2599"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2007/2600"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2007/2603"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35562"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35563"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-58/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-59/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-60/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35564"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.