Interchange Remote Information Disclosure Vulnerability
BID:10005
Info
| Bugtraq ID: | 10005 |
| Class: | Design Error |
| CVE: | CVE-2004-0374 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | This issue was disclosed in the product changelog. |
| Vulnerable: | Interchange Interchange 5.0, Interchange Interchange 4.8.9, Interchange Interchange 4.8.8, Interchange Interchange 4.8.7, Interchange Interchange 4.8.6, Interchange Interchange 4.8.5, Interchange Interchange 4.8.4, Interchange Interchange 4.8.3, Interchange Interchange 4.8.2, Interchange Interchange 4.8.1 |
| Not Vulnerable: | Interchange Interchange 5.0.1 |
Discussion
It has been reported that Interchange may be prone to a remote information disclosure vulnerability allowing attackers to disclose contents of arbitrary variables via URI requests.
This issue may allow an attacker to gain access to sensitive information that may be used to launch further attacks against a system.
Exploit / POC
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/cgi-bin/store/__SQLUSER__
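For defenders reviewing web server logs on an affected installation, the following added example (not part of the original advisory or of Interchange) flags requests whose path contains a double-underscore-delimited name like the one in the proof of concept. The log lines are constructed, the function names are hypothetical, and treating any `__NAME__` token in the path as a probe is an assumption generalized from the single URL shown above.

```python
import re
from urllib.parse import unquote, urlsplit

# NCSA common/combined log line: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Assumption: a name wrapped in double underscores, as in the advisory's __SQLUSER__.
VAR_RE = re.compile(r'__([A-Za-z][A-Za-z0-9_]*?)__')

def decode_fully(text, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so %5F%5F is seen as __."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_variable_probes(lines):
    """Return one record per log line whose request path names a __VARIABLE__."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not a parseable access-log entry
        path = decode_fully(urlsplit(match['target']).path)
        names = VAR_RE.findall(path)
        if names:
            hits.append({'line': number, 'host': match['host'],
                         'status': int(match['status']), 'variables': names})
    return hits

# Constructed sample entries (documentation-range addresses, placeholder variable name).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Mar/2004:10:01:02 +0000] "GET /cgi-bin/store/index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [30/Mar/2004:10:02:11 +0000] "GET /cgi-bin/store/__SQLUSER__ HTTP/1.0" 200 312',
    '198.51.100.7 - - [30/Mar/2004:10:02:15 +0000] "GET /cgi-bin/store/%5F%5FEXAMPLE_VAR%5F%5F HTTP/1.0" 200 298',
    '192.0.2.44 - - [30/Mar/2004:10:03:40 +0000] "GET /cgi-bin/store/my__notes.html HTTP/1.0" 404 210',
]

if __name__ == '__main__':
    for hit in find_variable_probes(SAMPLE_LOG):
        print(hit)
```

Hits that returned status 200 on a version listed as vulnerable are the ones to review first, since the value of the named variable may have been served to the requesting host.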
Solution / Fix
Solution:
The vendor has released Interchange 5.0.1 to address this issue.
Debian has released advisory DSA 471-1 and fixes dealing with this issue.
Interchange Interchange 4.8.1
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 4.8.2
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 4.8.3
-
Debian interchange-cat-foundation_4.8.3.20020306-1.woody.2_all.deb
Architecture Independent:
http://security.debian.org/pool/updates/main/i/interchange/interchange-cat-foundation_4.8.3.20020306-1.woody.2_all.deb
-
Debian interchange-ui_4.8.3.20020306-1.woody.2_all.deb
Architecture Independent:
http://security.debian.org/pool/updates/main/i/interchange/interchange-ui_4.8.3.20020306-1.woody.2_all.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_alpha.deb
Alpha architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_alpha.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_arm.deb
ARM architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_arm.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_hppa.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_hppa.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_i386.deb
IA-32 architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_i386.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_ia64.deb
IA-64 architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_ia64.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_m68k.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_m68k.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_mips.deb
Big Endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_mips.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_mipsel.deb
Little Endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_mipsel.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_powerpc.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_powerpc.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_s390.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_s390.deb
-
Debian interchange_4.8.3.20020306-1.woody.2_sparc.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_sparc.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_alpha.deb
Alpha architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_alpha.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_arm.deb
ARM architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_arm.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_hppa.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_hppa.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_i386.deb
IA-32 architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_i386.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_ia64.deb
IA-64 architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_ia64.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_m68k.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_m68k.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_mips.deb
Big Endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_mips.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_mipsel.deb
Little Endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_mipsel.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_powerpc.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_powerpc.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_s390.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_s390.deb
-
Debian libapache-mod-interchange_4.8.3.20020306-1.woody.2_sparc.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_sparc.deb
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 4.8.4
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 4.8.5
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 4.8.6
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 4.8.7
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 4.8.8
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 4.8.9
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
Interchange Interchange 5.0
-
Interchange Interchange 5.0.1
http://www.icdevgroup.org/i/dev/download.html
References
References:
- Interchange 5.0.1 Changelog (Interchange)
- Interchange Homepage (Interchange)