Palm Desktop Application Directory Local Insecure Permissions Vulnerability

Bugtraq ID:	21382
Class:	Access Validation Error
CVE:	CVE-2006-6286
Remote:	No
Local:	Yes
Published:	Dec 01 2006 12:00AM
Updated:	Feb 27 2008 10:02PM
Credit:	Richard Amacker is credited with the discovery of this issue.
Vulnerable:	Palm Palm Desktop 4.1.4
Not Vulnerable:

Palm Desktop Application Directory Local Insecure Permissions Vulnerability

Palm Desktop is prone to an insecure-permissions vulnerability.

A local attacker could exploit this issue to gain access to sensitive data that may aid in further attacks.

Palm Desktop 4.1.4 is vulnerable; other versions may also be affected.

Palm Desktop Application Directory Local Insecure Permissions Vulnerability

An attacker requires local interactive access to a computer running the affected application to exploit this issue.

Palm Desktop Application Directory Local Insecure Permissions Vulnerability

Solution:
Reports indicate that this issue was addressed in Palm Desktop 6.2, but Symantec has not confirmed this. Please contact the vendor for more information.

Palm Desktop Application Directory Local Insecure Permissions Vulnerability

References:

• Product Homepage (Palm)