LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
BID:10010
Info
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
| Bugtraq ID: | 10010 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2004 12:00AM |
| Updated: | Mar 30 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to Martin Eiszner <[email protected]>. |
| Vulnerable: |
LinBit Technologies LINBOX Officeserver |
| Not Vulnerable: | |
Discussion
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
It has been reported that LINBOX is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow access to web based administration scripts without proper authorization.
This issue may allow unauthorized user to gain access to the administration scripts of the affected system.
It has been reported that LINBOX is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow access to web based administration scripts without proper authorization.
This issue may allow unauthorized user to gain access to the administration scripts of the affected system.
Exploit / POC
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
Issuing the following request to the affected server will provide access to the administration interface:
http://www.example.com//admin/user.pl
No exploit is required to leverage this issue. The following proof of concept has been provided:
Issuing the following request to the affected server will provide access to the administration interface:
http://www.example.com//admin/user.pl
Solution / Fix
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
Solution:
The vendor has provided a patch dealing with this issue.
LinBit Technologies LINBOX Officeserver
Solution:
The vendor has provided a patch dealing with this issue.
LinBit Technologies LINBOX Officeserver
-
LinBit Technologies linbox-sa1.patch
http://linbox.linbit.at/patches/linbox-sa1.patch
References
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
References:
References:
- LINBOX Home Page (LinBit Technologies)
- Linbit linbox Multiple Vulnerabilities (Martin Eiszner
)