Toad for Data Analysts Insecure Directory Permissions Privilege Escalation Vulnerability

Bugtraq ID:	53276
Class:	Design Error
CVE:	CVE-2012-0279
Remote:	No
Local:	Yes
Published:	Apr 27 2012 12:00AM
Updated:	Apr 27 2012 12:00AM
Credit:	Secunia Research
Vulnerable:	Quest Software Toad for Data Analysts 3.0.1 Quest Software Toad Development Suite for Oracle 0
Not Vulnerable:

Toad for Data Analysts Insecure Directory Permissions Privilege Escalation Vulnerability

Toad for Data Analysts is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges on affected computers.

Toad for Data Analysts 3.0.1 is vulnerable; other versions may also be affected.

Toad for Data Analysts Insecure Directory Permissions Privilege Escalation Vulnerability

Attackers can exploit this issue with readily available commands.

Toad for Data Analysts Insecure Directory Permissions Privilege Escalation Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Toad for Data Analysts Insecure Directory Permissions Privilege Escalation Vulnerability

References:

• Toad for Data Analysts (Quest Software)
  
• Vendor Homepage (Quest Software)
  
• Quest Toad for Data Analysts Insecure Default Directory Permissions (Secunia Research)