Vulnerability Summary - Week 27

Friday, July 1, 2011

_____________________________________________________________________

       @RISK: The Consensus Security Vulnerability Alert

                           Week 27 2011
_____________________________________________________________________

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities
-------------------------      -------------------------------------

Third Party Windows Apps                      7 (#3)
Mac Os                                        1 (#1)
BSD                                           1
Novell                                        1
Cross Platform                               10 (#2)
Web Application - SQL Injection               1
Web Application                               4
Network Device                                2
****************************************************************************

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Mac OS/X Multiple Security Vulnerabilities
(2) MEDIUM: Google Chrome Multiple Vulnerabilities
(3) MEDIUM: Citrix EdgeSight Launcher Service Heap buffer Overflow

*************************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

-- Third Party Windows Apps
11.27.1  - Easewe FTP OCX ActiveX Control "EaseWeFtp.ocx" Multiple Insecure Method Vulnerabilities
11.27.2  - xAurora "RSRC32.DLL" DLL Loading Arbitrary Code Execution
11.27.3  - FreeAmp ".pls" File Buffer Overflow
11.27.4  - Winamp Multiple Remote Issues
11.27.5  - MySQLDriverCS SQL Injection
11.27.6  - Novell ZENworks Handheld Management "ZfHSrvr.exe" Service Directory Traversal
11.27.7  - CygniCon CyViewer ActiveX Control "SaveData()" Insecure Method Vulnerability
-- Mac Os
11.27.8  - Apple Mac OS X Multiple Vulnerabilities
-- BSD
11.27.9  - tftp-hpa FTP Server "utimeout" Option Remote Buffer Overflow
-- Novell
11.27.10 - Novell File Reporter "NFRAgent.exe" Security Bypass
-- Cross Platform
11.27.11 - Torque "job name" Argument Remote Buffer Overflow
11.27.12 - Rampart "util/rampart_timestamp_token.c" Remote Security Bypass
11.27.13 - LibreOffice ".lwp" File Multiple Remote Stack Buffer Overflow Vulnerabilities
11.27.14 - Wireshark "bytes_repr_len()" NULL Pointer Dereference Denial of Service
11.27.15 - cURL/libcURL GSS/Negotiate Feature Spoofing Security Vulnerability
11.27.16 - Asterisk Multiple Remote Denial of Service Vulnerabilities
11.27.17 - Apache Tomcat "MemoryUserDatabase" Information Disclosure
11.27.18 - D-Bus Configuration Insecure Temporary File Creation Vulnerability
11.27.19 - Sybase Advantage Server "ADS" Process Off-By-One Buffer Overflow
11.27.20 - Google Chrome Multiple Security Vulnerabilities
-- Web Application - SQL Injection
11.27.21 - IdevSpot iSupport "x_category" Parameter SQL Injection
-- Web Application
11.27.22 - ActivDesk Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
11.27.23 - Nodesforum "3rd_party_limits.php" Remote File Include Vulnerability
11.27.24 - Avactis Shopping Cart Security Bypass and HTML Injection Vulnerabilities
11.27.25 - phpMyAdmin "$_SESSION" Array Unauthorized Access Vulnerability
-- Network Device
11.27.26 - IBM Web Application Firewall Security Bypass
11.27.27 - H3C ER5100 Authentication Bypass Vulnerability
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at
http://www.sans.org/newsletters/risk/#process

*************************************************************

(1) HIGH: Mac OS/X Multiple Security Vulnerabilities
Affected:
Mac OS X prior to 10.6.8

Description: Apple has released patches for multiple vulnerabilities affecting products related to Mac OS/X. The issues include code-execution vulnerabilities in the following components: Apple Type Services (ATS), CoreFoundation, CoreGraphics, ImageIO, Internal Components for Unicode (ICU), QuickLook, QuickTime, and Samba. The Samba vulnerabilities require a connection to a share on the vulnerable server. Except for the vulnerabilities in the CoreFoundation and ICU libraries, which may provide many unknown vectors of attack, all of the other vulnerabilities require an attacker to entice a target to open a malicious file or view a malicious site in order to execute arbitrary code on the target's machine.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.apple.com
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/38562
http://www.securityfocus.com/bid/39013
http://www.securityfocus.com/bid/42599
http://www.securityfocus.com/bid/42646
http://www.securityfocus.com/bid/43212
http://www.securityfocus.com/bid/43676
http://www.securityfocus.com/bid/43819
http://www.securityfocus.com/bid/44794
http://www.securityfocus.com/bid/44884
http://www.securityfocus.com/bid/45164
http://www.securityfocus.com/bid/46264
http://www.securityfocus.com/bid/46597
http://www.securityfocus.com/bid/46734
http://www.securityfocus.com/bid/46768
http://www.securityfocus.com/bid/47668
http://www.securityfocus.com/bid/48415
http://www.securityfocus.com/bid/48416
http://www.securityfocus.com/bid/48418
http://www.securityfocus.com/bid/48419
http://www.securityfocus.com/bid/48420
http://www.securityfocus.com/bid/48422
http://www.securityfocus.com/bid/48426
http://www.securityfocus.com/bid/48427
http://www.securityfocus.com/bid/48429
http://www.securityfocus.com/bid/48430
http://www.securityfocus.com/bid/48436
http://www.securityfocus.com/bid/48437
http://www.securityfocus.com/bid/48439
http://www.securityfocus.com/bid/48440
http://www.securityfocus.com/bid/48442
http://www.securityfocus.com/bid/48443
http://www.securityfocus.com/bid/48444
http://www.securityfocus.com/bid/48445
http://www.securityfocus.com/bid/48447

*************************************************************

(2) MEDIUM: Google Chrome Multiple Vulnerabilities
Affected:
Google Chrome Prior to 12.0.742.112

Description: Google has released a patch for multiple security vulnerabilities affecting its Chrome web browser. Six vulnerabilities have been rated "High" severity by Google. They include two use-after-free vulnerabilities in SVG (scalar vector graphics), a memory corruption in CSS parsing, potential race conditions in the HTML parser, a "bad bounds check" in v8, and a use-after-free vulnerability in text selection. Chrome is designed to automatically update itself when connected to the internet. By enticing a target to view a malicious site, an attacker can exploit these vulnerabilities in order to execute arbitrary code on the target's machine.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.google.com
Google Stable Channel Updates
http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/48479/

*************************************************************

(3) MEDIUM: Citrix EdgeSight Launcher Service Heap buffer Overflow
Affected:
Citrix EdgeSight for Active Application Monitoring prior to 5.3 SP2
Citrix EdgeSight for Load Testing prior to 3.8.1

Description: Citrix has released a patch for its EdgeSight product addressing a security vulnerability. EdgeSight is designed to manage and monitor XenApp, Presentation Server, and XenDesktop. Together, these services are designed to centralize application delivery and monitor networks for problems. One component of the EdgeSight product, LauncherService.exe, listens by default on port 18747 and copies attacker-controlled data onto a fixed-length heap buffer. By sending a malicious request, an attacker can exploit this vulnerability in order to execute arbitrary code on the target's machine with SYSTEM-level privileges.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.citrix.com
Citrix Security Article
http://support.citrix.com/article/CTX129699
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-226/
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/48385

*************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 11531 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
______________________________________________________________________

11.27.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Easewe FTP OCX ActiveX Control "EaseWeFtp.ocx" Multiple Insecure Method Vulnerabilities
Description: Easewe FTP OCX ActiveX control is an FTP ActiveX component that provides standard FTP features. The ActiveX control ("EaseWeFtp.ocx") is exposed to multiple insecure method issues. The "Execute()" and "Run()" methods allow the execution of an arbitrary program through the "FilePath" argument. The "CreateLocalFile()" method allows for the creation of an arbitrary empty file. The "CreateLocalFolder()" method allows for the creation of an arbitrary directory. The "DeleteLocalFile()" method allows for the deletion of an arbitrary file. Easewe FTP ActiveX control version 4.5.0.9 is vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/archive/1/518573
______________________________________________________________________

11.27.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: xAurora "RSRC32.DLL" DLL Loading Arbitrary Code Execution
Description: xAurora is a web browser for Microsoft Windows. The application is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "RSRC32.DLL" Dynamic Link Library file in the current working directory. The issue can be exploited by placing both a specially crafted library file and a file that is associated with the vulnerable application in an attacker controlled location. xAurora version 10.00 is affected.
Ref:
http://www.securityfocus.com/bid/48432/discuss
______________________________________________________________________

11.27.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: FreeAmp ".pls" File Buffer Overflow
Description: FreeAmp is an MP3 player available for Microsoft Windows. FreeAmp is exposed to a buffer overflow issue because it fails to perform adequate checks on user supplied input. Specifically, this issue occurs when opening a specially crafted ".pls" file. FreeAmp 2.0.7 is vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48433/discuss
______________________________________________________________________

11.27.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Winamp Multiple Remote Issues
Description: Nullsoft Winamp is a media player for Microsoft Windows. Winamp is exposed to multiple memory corruption issues, multiple heap-based buffer overflow issues, and an integer overflow issue that affects the "nsvdec_vp6.dll" file when parsing screen dimensions. Winamp 5.61 is vulnerable and other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48457/discuss
______________________________________________________________________

11.27.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: MySQLDriverCS SQL Injection
Description: MySQLDriverCS is a .NET compliant MySQL driver. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input. Specifically, this issue occurs in the function "BindParameters()" in the class "DirectStatement" of the "Statement.cs" file. MySQLDriverCS 4.0.1 and all the previous versions which support the parameterized query mechanism are vulnerable.
Ref:
http://www.securityfocus.com/archive/1/518627
______________________________________________________________________

11.27.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Novell ZENworks Handheld Management "ZfHSrvr.exe" Service Directory Traversal
Description: Novell ZENworks Handheld Management is an application used to prevent stolen handheld devices from leaking sensitive information. The application is exposed to a directory traversal issue in the "ZfHSrvr.exe" service listening over port 2398 because it fails to sufficiently sanitize user-supplied input. ZENworks Handheld Management 7.0.2.61213 and prior are vulnerable.
Ref:
http://www.securityfocus.com/archive/1/518625
______________________________________________________________________

11.27.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: CygniCon CyViewer ActiveX Control "SaveData()" Insecure Method Vulnerability
Description: CygniCon CyViewer is an ActiveX object viewer. CygniCon CyViewer ActiveX control is exposed to an issue caused by an insecure method. This issue occurs because the "SaveData()" method in the "CyViewer.ocx" file can be exploited to overwrite arbitrary files on the affected computer. Ashampoo 3D CAD Professional 3 3.0.1 is vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48483/discuss
______________________________________________________________________

11.27.8 CVE:
CVE-2011-0196,CVE-2011-0197,CVE-2011-0198,CVE-2011-0199,CVE-2011-0200,CVE-2011-0201,
CVE-2011-0202,CVE-2011-0203,CVE-2011-0204,CVE-2011-0205,CVE-2011-0206,CVE-2011-0207,
CVE-2011-0208,CVE-2011-0209,CVE-2011-0210,CVE-2011-0211,CVE-2011-0212,CVE-2011-0213,CVE-2011-1132
Platform: Mac Os
Title: Apple Mac OS X Multiple Vulnerabilities
Description: Apple Mac OS X is exposed to multiple security issues that have been addressed in Security Update 2011-004. The update addresses new issues that affect AirPort, App Store, ATS, Certificate Trust Policy, ColorSync, CoreFoundation, CoreGraphics, FTP Server, ImageIO, International Components for Unicode, MobileMe, QuickLook, QuickTime and servermgrd. Mac OS X versions prior to 10.6.8 are affected.
Ref:
http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html
______________________________________________________________________

11.27.9 CVE: CVE-2011-2199
Platform: BSD
Title: tftp-hpa FTP Server "utimeout" Option Remote Buffer Overflow
Description: tftp-hpa is an enhanced version of the BSD TFTP client and server. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when processing a request to set the "utimeout" option from clients. Versions prior to tftp-hpa 5.1 are vulnerable.
Ref:
http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt
______________________________________________________________________

11.27.10 CVE: Not Available
Platform: Novell
Title: Novell File Reporter "NFRAgent.exe" Security Bypass
Description: Novell File Reporter provides solutions for managing files on the system. The application is exposed to a security bypass issue. Specifically, "NFRAgent.exe" listening allows attackers to delete arbitrary files with SYSTEM privileges by sending a specially crafted string to the "PATH" value. Novell File Reporter 1.0.4.2 and prior are vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48468/discuss
______________________________________________________________________

11.27.11 CVE: CVE-2011-2193
Platform: Cross Platform
Title: Torque "job name" Argument Remote Buffer Overflow
Description: Torque (Tera-scale Open source Resource and Queue manager) is a resource manager. The application is exposed to a remote buffer overflow issue due to a failure to properly bounds check user-supplied input. Specifically, the issue affects the "job name" argument. Terascale Open-Source Resource and Queue Manager 2.x, 2.5.x, 3.x are affected.
Ref:
http://www.securityfocus.com/bid/48374/discuss
______________________________________________________________________

11.27.12 CVE: CVE-2011-0730
Platform: Cross Platform
Title: Rampart "util/rampart_timestamp_token.c" Remote Security Bypass
Description: Rampart is a security module for Axis2. The application is exposed to a remote security bypass issue. This issue occurs because the application fails to calculate the expiration time of the security token. This will allow attackers to use an expired token to gain access to Axis2. Rampart 1.3.0 is vulnerable and other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48386/discuss
______________________________________________________________________

11.27.13 CVE: Not Available
Platform: Cross Platform
Title: LibreOffice ".lwp" File Multiple Remote Stack Buffer Overflow Vulnerabilities
Description: LibreOffice is an open source suite for Windows, Macintosh and Linux that provides applications for document production and data processing. LibreOffice is exposed to multiple remote stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. Specifically, these issues occur while importing specially crafted Lotus Word Pro (".lwp") files because of an error in the import filters. LibreOffice 3.3.1 and 3.3.2 are vulnerable and prior versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48387/discuss
______________________________________________________________________

11.27.14 CVE: CVE-2011-1956
Platform: Cross Platform
Title: Wireshark "bytes_repr_len()" NULL Pointer Dereference Denial of Service
Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. The application is exposed to a remote denial of service issue caused by a NULL pointer dereference error in the TCP dissector. Specifically, the issue occurs in the "bytes_repr_len()" function when handling malformed TCP packets. Wireshark version 1.4.5 is vulnerable.
Ref:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5837
______________________________________________________________________

11.27.15 CVE: CVE-2011-2192
Platform: Cross Platform
Title: cURL/libcURL GSS/Negotiate Feature Spoofing Security Vulnerability
Description: cURL is a utility for transferring files with URL syntax over a number of protocols. cURL/libcURL is exposed to an issue that may allow attackers to spoof the client's security credentials. This issue occurs because the application's GSS/Negotiate feature unconditionally performs credential delegation, which may allow attackers to gain access to the client's security credentials. This issue affects cURL/libcURL 7.10.6 through 7.21.6.
Ref:
http://curl.haxx.se/docs/adv_20110623.html
______________________________________________________________________

11.27.16 CVE: CVE-2011-2535,CVE-2011-2529
Platform: Cross Platform
Title: Asterisk Multiple Remote Denial of Service Vulnerabilities
Description: Asterisk is an open-source PBX application available for multiple operating platforms. Asterisk is exposed to multiple remote denial of service issues. Refer to reference for complete details. Asterisk versions 1.4.x, 1.6.2.x and 1.8.x are affected.
Ref:
http://downloads.asterisk.org/pub/security/AST-2011-008.html
http://downloads.asterisk.org/pub/security/AST-2011-009.html
http://downloads.asterisk.org/pub/security/AST-2011-010.html
______________________________________________________________________

11.27.17 CVE: CVE-2011-2204
Platform: Cross Platform
Title: Apache Tomcat "MemoryUserDatabase" Information Disclosure
Description: Apache Tomcat is a Java-based webserver application for multiple operating systems. The application is exposed to a remote information disclosure issue. This issue is caused by an error when creating users through the JMX feature and using the "MemoryUserDatabase". This will allow attackers to gain access to user authentication credentials. Apache Tomcat versions 5.5.0 through 5.5.33, 6.0.0 through 6.0.32 and 7.0.0 through 7.0.16 are affected.
Ref:
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
______________________________________________________________________

11.27.18 CVE: CVE-2011-2533
Platform: Cross Platform
Title: D-Bus Configuration Insecure Temporary File Creation Vulnerability
Description: D-Bus is an IPC (Inter-Process Communication) system for applications to talk to one another. The application is exposed to an insecure temporary file creation issue which allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. Versions prior to D-Bus 1.2.28 are vulnerable.
Ref:
http://www.securityfocus.com/bid/48460/discuss
______________________________________________________________________

11.27.19 CVE: Not Available
Platform: Cross Platform
Title: Sybase Advantage Server "ADS" Process Off-By-One Buffer Overflow
Description: Sybase Advantage Server is a relational database management application. Sybase Advantage Server is exposed to an off-by-one buffer overflow issue. This issue affects the "ADS" process when handling a malformed packet sent to TCP or UDP port 6262. Sybase Advantage Server 10.0.0.3 is vulnerable and other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48464/discuss
______________________________________________________________________

11.27.20 CVE:
CVE-2011-2351,CVE-2011-2350,CVE-2011-2349,CVE-2011-2348,CVE-2011-2347,CVE-2011-2346,CVE-2011-2345
Platform: Cross Platform
Title: Google Chrome Multiple Security Vulnerabilities
Description: Google Chrome is a web browser for multiple platforms. The application is exposed to multiple security issues. An out-of-bounds read issue occurs when handling NPAPI strings. A use-after-free issue occurs in SVG font handling. A memory corruption issue occurs in CSS parsing. Multiple issues occur with lifetime and re-entrancy in the HTML parser. An issue occurs with improper bounds checking in the v8 JavaScript engine. A use-after-free issue occurs when handling SVG use elements. A use-after-free issue occurs during text selection. Versions prior to Chrome 12.0.742.112 are vulnerable.
Ref:
http://www.securityfocus.com/bid/48479/discuss
______________________________________________________________________

11.27.21 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IdevSpot iSupport "x_category" Parameter SQL Injection
Description: iSupport is a PHP-based application used for help desk and support ticketing. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input submitted to the "x_category" parameter of the "index.php" script. iSupport versions 1.8 and prior are affected.
Ref:
http://www.securityfocus.com/bid/48402/discuss
______________________________________________________________________

11.27.22 CVE: Not Available
Platform: Web Application
Title: ActivDesk Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Description: ActivDesk is a web-based help desk application. ActivDesk is exposed to multiple SQL injection issues and a cross-site scripting issue that affects the "keywords" parameter of the "search.cgi" script. ActivDesk version 3.0 is vulnerable and other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48409/discuss
______________________________________________________________________

11.27.23 CVE: Not Available
Platform: Web Application
Title: Nodesforum "3rd_party_limits.php" Remote File Include Vulnerability
Description: Nodesforum is a web-based application implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input submitted to the "_nodesforum_code_path" parameter of the "3rd_party_limits.php" script. Nodesforum versions 1.059 and prior are vulnerable.
Ref:
http://www.securityfocus.com/bid/48428/discuss
______________________________________________________________________

11.27.24 CVE: Not Available
Platform: Web Application
Title: Avactis Shopping Cart Security Bypass and HTML Injection Vulnerabilities
Description: Avactis Shopping Cart is a PHP-based shopping cart. The application is exposed to multiple issues. A security bypass issue due to an unspecified error allows attackers with administrative privileges to gain additional elevated privileges. An unspecified HTML injection issue exists because the application fails to properly validate user-supplied input.  Versions prior to Avactis Shopping Cart 2.1.1 are vulnerable.
Ref:
http://www.securityfocus.com/bid/48438/discuss
______________________________________________________________________

11.27.25 CVE: Not Available
Platform: Web Application
Title: phpMyAdmin "$_SESSION" Array Unauthorized Access Vulnerability
Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to an unauthorized access issue. Specifically, an attacker can manipulate the global "$_SESSION" array to specify arbitrary values. This may aid the attacker in performing various other attacks, including remote code execution. phpMyAdmin 3.4.0 is vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48480/discuss
______________________________________________________________________

11.27.26 CVE: Not Available
Platform: Network Device
Title: IBM Web Application Firewall Security Bypass
Description: IBM Web Application Firewall is a security application. The application is exposed to a security bypass issue.  An attacker could exploit the issue through HTTP Parameter Pollution by submitting repeated occurrences of the same parameter.  IBM Web Application Firewall, IBM Security Server are affected.
Ref:
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt
______________________________________________________________________

11.27.27 CVE: Not Available
Platform: Network Device
Title: H3C ER5100 Authentication Bypass Vulnerability
Description: The H3C ER5100 is a dual-core broadband router. The appliance is exposed to a remote authentication bypass issue. The issue can be exploited by appending a "userLogin.asp" string in the URL to gain administrative access. 3Com H3C ER5100 is affected.
Ref:
http://www.wooyun.org/bugs/wooyun-2010-02268
______________________________________________________________________
