Insecure Permissions in Cheyenne InocuLAN Anti-Virus Server Allows Trojan Installation

Insecure Permissions in Cheyenne InocuLAN Anti-Virus Server Allows Trojan Installation

CVE-1999-1555 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pack 2 creates an update directory with "EVERYONE FULL CONTROL" permissions, which allows local users to cause Inoculan's antivirus update feature to install a Trojan horse dll.

Learn more about our Cis Benchmark Audit For Server Software.