Vulnwatch mailing list archives
Re: NetObserve Security Bypass Vulnerability
From: "Peter Winter-Smith" <peter4020 () hotmail com>
Date: Wed, 31 Dec 2003 00:52:31 +0000
############################################

Credit:
Author : Peter Winter-Smith

Software:
Packages : NetObserve
Version : 2.0 and prior
Vendor : ExploreAnywhere Software
Vendor Url : http://www.exploreanywhere.com/no-intro.php

Vulnerability:
Bug Type : Security Bypass
Severity : Highly Critical
+ Remote System Command Via NetObserve

UPDATE:

I may have been a little unclear in my description of the exploitability of this flaw. It seems that I interchanged the words 'administrator' and 'remote user' giving the impression that only a current 'user' of the administration panel can compromise the system through these flaws.

In actual fact it is possible to compromise a system running NetObserve without being any kind of authenticated user or administrator!

I thought I should mention this because it has been labelled as only exploitable by current users of the NetObserve system, which is technically incorrect - anyone can exploit it :-)

The complete document on this flaw can be found at:
http://www.elitehaven.net/netobserve.txt

Thanks to you all for the tireless effort and research work which you put into the security community!

-Peter Winter-Smith
Current thread:
- NetObserve Security Bypass Vulnerability Peter Winter-Smith (Dec 29)
- <Possible follow-ups>
- Re: NetObserve Security Bypass Vulnerability Peter Winter-Smith (Dec 30)