Bugtraq mailing list archives
Cartfix Secret Backdoor Patch tool for cart32
From: weld () ATSTAKE COM (Weld Pond)
Date: Thu, 27 Apr 2000 17:10:55 -0400
@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Tool Release Name: Cartfix Secret Backdoor Patch tool Release Date: April 27, 2000 Application: Cart32 Shopping Cart Program Platform: Win32 Severity: An attacker can execute commands on the web server and modify admin password Author: Dildog [dildog () atstake com] Weld Pond [weld () atstake com] Vendor Status: Vendor has been notified Web: http://www.L0pht.com/advisories.html Overview: Cerberus Information Security Advisory (CISADV000427), available at http://www.cerberus-infosec.co.uk/advcart32.html, details serious vulnerabilities in the Cart32 shopping cart software, http://www.cart32.com. The advisory details a secret backdoor password and secret URLs that can be used to access sensitive data and issue commands on web servers running the cart32 software. The Cartfix program is a quick temporary solution for users waiting for a permanent fix from the cart32 vendor, McMurtrey/Whitaker & Associates. The Cartfix program searches for the secret backdoor password in the cart32.exe program and replaces it with a random backdoor password. It changes the ACL on the c32web.exe administration program so that anonymous users cannot change the administrator password for cart32. This ACL fix will only work on Windows NT/2000 systems. This patch does in no way make the cart32 software secure. It merely eliminates the two problems detailed in the Cerberus Information Security advisory. The security problems in this software are at a basic design level and may take several days for the vendor to fix. This patch will allow users of cart32 to be safe from these high risk vulnerabilies while awaiting this fix. Executable file: http://www.l0pht.com/advisories/cartfix.exe Source code: http://www.l0pht.com/advisories/cartfixsrc.zip Directions: You must be logged on as administrator to run the program. Press the browse button and select the directory that contains the cart32 software. This is usually cgi-bin or scripts. After the directory is selected press 'patch' to patch your cart32 installation. [ For more advisories check out http://www.l0pht.com/advisories.html ] L-ZERO-P-H-T
Current thread:
- SECURITY: [RHSA-2000:014-10] Updated piranha packages available, (continued)
- SECURITY: [RHSA-2000:014-10] Updated piranha packages available Cristian Gafton (Apr 24)
- FreeBSD Security Advisory: FreeBSD-SA-00:14.imap-uw FreeBSD Security Officer (Apr 24)
- FreeBSD Security Advisory: FreeBSD-SA-00:15.imap-uw FreeBSD Security Officer (Apr 24)
- piranha default password/exploit Max Vision (Apr 24)
- Re: piranha default password/exploit Cristian Gafton (Apr 25)
- Re: piranha default password/exploit CDI (Apr 25)
- Re: piranha default password/exploit Matt Wilson (Apr 26)
- fingerd Psarras Nikos (Apr 27)
- Re: fingerd Brock Sides (Apr 27)
- Re: fingerd Jeremy Rauch (Apr 27)
- Cartfix Secret Backdoor Patch tool for cart32 Weld Pond (Apr 27)
- ISS Security Advisory: Backdoor Password in Red Hat Linux Virtual Server Package Aleph One (Apr 25)
- Re: ISS Security Advisory: Backdoor Password in Red Hat Linux Virtual Server Package Cristian Gafton (Apr 25)