PT-2006-6493 · Parallels · Parallels Desktop For Mac

Published

2006-11-08

Updated

2008-09-05

CVE-2006-5817

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Parallels Desktop for Mac Build 1940

Description: The issue concerns insecure permissions used by prl dhcpd in Parallels Desktop for Mac. Specifically, it uses permissions of 0666 for the /Library/Parallels/.dhcpd configuration file, allowing local users to modify the DHCP configuration.

Recommendations: For Parallels Desktop for Mac Build 1940, consider changing the permissions of the /Library/Parallels/.dhcpd configuration file to prevent local users from modifying the DHCP configuration. As a temporary workaround, restrict access to the .dhcpd configuration file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5817

Affected Products

Parallels Desktop For Mac

PT-2006-6493 · Parallels · Parallels Desktop For Mac

CVE-2006-5817

Related Identifiers

Affected Products

References · 3