Versions of the product contain a vulnerability which can permit local unprivileged users to read arbitrary files. The Qview component of Shareplex allows its user to specify a file containing Qview commands as input. If the contents of the file are not valid Qview commands, they will be output to standard error as part of error messages. Exploiting this behaviour, an attacker can obtain the contents of normally unreadable, sensitive files from this error output.
If a logged-in FTP user connects to an external share and submits a malformed 'size' or 'mdtm' command, the user could force the FTP server to make an external SMB connection. The FTP server must provide login credentials of the user the server is running under in order to make a connection to the remote host. A password hash is sent across the external connection to the host. A third-party network utility could be listening for internal and external traffic and capture the password hash. The captured hash could be resolved into the username and password.
A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside in a protected directory, '/WEB-INF/classes/'. Unfortunately, this protection can be bypassed due to an input validation bug in the Resin webserver. If an attacker inserts the substring '.jsp' before the path of the JavaBean in the request, the webserver will incorrectly interpret the request and serve the contents of the requested JavaBean to the client.
A problem in the Linux Kernel could make it possible for a local user to gain elevated privileges. The problem lies in the checking of process tracing on programs attempting to execute other programs that are setuid or setgid. It is possible to trace a process after it has entered a setuid or setgid execution state, making it possible for a local user to change parts of the process as it runs, and potentially gain elevated privileges.
BEA Systems WebLogic Server and Tomcat are vulnerable to a source disclosure vulnerability. If successfully exploited, this vulnerability could lead to the disclosure of sensitive information contained within JSP pages. This information may assist in further attacks against the host.
A problem with the implementation of some MySQL databases may permit local users to overwrite sensitive system files. This problem affects MySQL implementations that run the database under the uid of root. By using a symbolic link in the /var/tmp directory, and linking it to a file that is write-accessible by root, a user can log into the database with their account, and create a table with a name corresponding to that of the symbolic link. The creation of the table will overwrite the linked file, and any data created within the table will be written to the file that has been symbolically linked. This is dependent entirely upon the attacker having a MySQL account with the 'create table' privilege.
Certain non-current versions of products in the Internet Manager suite, including IM Anti-Virus, are vulnerable to directory traversal attacks. An attacker can compose a long path which includes '/../' sequences, and submit it as a file request to the built-in webserver. The server will not filter 'dot-dot' sequences from the path, permitting the attacker to specify files outside the directory tree normally available to users. This can permit disclosure of confidential data and sensitive system files which, if properly exploited, could lead to further compromises of the host's security.
JSparm is the Junsoft Performance Analysis Report Maker package. This software package provides an enhanced perfmon performance monitoring package and interface, as well as a performance report generation interface. A problem with the package could make it possible for a user with local access to overwrite any file on the system. It is possible for a user to launch the perfmon program from the command line interface, and create a logfile of activity monitored by the perfmon package. The user may specify the file in which the activity should be logged. Insufficient checking of file permissions, as well as the program being SUID, make it possible for the log file to be any file on the system. The file created/overwritten is set to mode 0666. Therefore, it is possible for a user with local access to overwrite sensitive system files, and gain elevated privileges.
Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks. By including '/../' sequences in requested URLs, an attacker can cause the retrieval of arbitrary files, compromising the privacy of user data and potentially obtaining information which could be used to further compromise the host's security.