Bugtraq mailing list archives
Security hole in TMS/SMS
From: standby () SELF DESTRUCTIVE ORG (standby)
Date: Fri, 3 Apr 1998 14:27:36 -0700
Note: ----- This bug has been shown to RMS Systems, maker of the products in question. Also excuse my lack of formatting the text, usually only follow groups. What product: ------------- This hole is found in the Training Management Software and Safety Management Software by RMS Systems. The hole can be found in the Win. 3.1 & 95 versions, even in the latest update 2.5 (Hasn't been tested on the DOS version, though it is out of date and shouldn't be in circulation) The problem: ------------ Both of the above mentioned software packages, TMS & SMS, contain a major security hole. First to explain the software it self: - The TMS is to help a company track which courses need to be given to which employee and when to rescedual etc. - The SMS is a program for tracking inicidents of injury etc in a company. It also has capabilities for printing out the OSHA 200 forms. Both of these software packages have the capabilitie to give different access levels to different users. Doing so you can restrict people to what they can see, for example other employee's address, phone number, and even their Social Security number. This is where the bug is. Any level user can access the personal data of any one by simply going to the report screen, and running the Employee List Form. Though this doesn't have all that information, one can use the built in Basic Report Writer to create a custom report which has any and all information you desire about anyone in the database. Prevention: ----------- Only have the ADMIN account active, and delete all other accounts to the program. Basically the only way of prevention untill the 3.0 update comes out (which they plan on releasing begining next year.) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- standby () destructive org - http://www.destructive.org -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Current thread:
- QW vulnerability, (continued)
- QW vulnerability Glenn F. Maynard (Apr 07)
- AppleShare IP Mail Server Chris Wedgwood (Apr 07)
- Re: AppleShare IP Mail Server David Luyer (Apr 07)
- Re: AppleShare IP Mail Server James W. Abendschan (Apr 07)
- Geac ADVANCE library system security HOLE GAVRILIS DIMITR (Apr 02)
- Re: Geac ADVANCE library system security HOLE Damian Kelly (Apr 03)
- Announce : Nessus Alpha 1 Renaud Deraison (Apr 04)
- mailrc and pine security holes Michal Zalewski (Apr 05)
- ICQ Spoofer Seth McGann (Apr 05)
- Re: BSD coredumps follow symlinks Nir Soffer (Apr 02)
- Security hole in TMS/SMS standby (Apr 03)
- BSD coredumps follow symlinks Ronny Cook (Apr 02)
- Re: BSD coredumps follow symlinks Ronny Cook (Apr 05)
- QuakeI server serious hole (yawn) Chris Evans (Apr 06)
- The ICQ exploitation Center - www.wpi.edu/~smm/icq Seth McGann (Apr 06)
- Re: BSD coredumps follow symlinks Ariel Biener (Apr 06)