Talentsoft Web+ Internal IP Address Disclosure Vulnerability

Bugtraq ID:	1720
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Sep 27 2000 12:00AM
Updated:	Sep 27 2000 12:00AM
Credit:	Discovered by Delphis <[email protected]> and posted in a Delphis security advisory <DST2K0032> on Sep 27, 2000.
Vulnerable:	TalentSoft Web+ Server 4.6 - FreeBSD FreeBSD 3.x - FreeBSD FreeBSD 2.x - Linux libc 5x - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Redhat Linux 5.x - Redhat Linux 4.x - Sun Solaris x86 - Sun Solaris 8_sparc TalentSoft Web+ Monitor 4.6 - FreeBSD FreeBSD 3.x - FreeBSD FreeBSD 2.x - Linux libc 5x - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Redhat Linux 5.x - Redhat Linux 4.x - Sun Solaris x86 - Sun Solaris 8_sparc TalentSoft Web+ Client 4.6 - FreeBSD FreeBSD 3.x - FreeBSD FreeBSD 2.x - Linux libc 5x - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Redhat Linux 5.x - Redhat Linux 4.x - Sun Solaris x86 - Sun Solaris 8_sparc
Not Vulnerable:

Talentsoft Web+ Internal IP Address Disclosure Vulnerability

Solution:
Talentsoft has provided the following patches which rectify this issue:


TalentSoft Web+ Client 4.6

• Talentsoft webplus_freebsd_2.x_security_patch
  FreeBSD 2.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_freebsd _2.x_security_patch.tar.gz


• Talentsoft webplus_freebsd_3.x_security_patch
  FreeBSD 3.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_freebsd _3.x_security_patch.tar.gz


• Talentsoft webplus_linux_dynamic_security_patch
  Linux libc5
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_linux_d ynamic_security_patch.tar.gz


• Talentsoft webplus_linux_static_security_patch
  Red Hat Linux 4.x - 5.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_linux_s tatic_security_patch.tar.gz


• Talentsoft webplus_security_patch
  Windows 9x, NT, 2000
  ftp://ftp.talentsoft.com/download/webplus/windows/webplus_security_pat ch.exe


• Talentsoft webplus_solaris_sparc_security_patch
  Solaris Sparc
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_solaris _sparc_security_patch.tar.gz


• Talentsoft webplus_solaris_x86_security_patch
  Solaris x86
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_solaris _x86_security_patch.tar.gz

TalentSoft Web+ Server 4.6

• Talentsoft webplus_freebsd_2.x_security_patch
  FreeBSD 2.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_freebsd _2.x_security_patch.tar.gz


• Talentsoft webplus_freebsd_3.x_security_patch
  FreeBSD 3.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_freebsd _3.x_security_patch.tar.gz


• Talentsoft webplus_linux_dynamic_security_patch
  Linux libc5
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_linux_d ynamic_security_patch.tar.gz


• Talentsoft webplus_linux_static_security_patch
  Red Hat Linux 4.x - 5.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_linux_s tatic_security_patch.tar.gz


• Talentsoft webplus_security_patch
  Windows 9x, NT, 2000
  ftp://ftp.talentsoft.com/download/webplus/windows/webplus_security_pat ch.exe


• Talentsoft webplus_solaris_sparc_security_patch
  Solaris Sparc
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_solaris _sparc_security_patch.tar.gz


• Talentsoft webplus_solaris_x86_security_patch
  Solaris x86
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_solaris _x86_security_patch.tar.gz

TalentSoft Web+ Monitor 4.6

• Talentsoft webplus_freebsd_2.x_security_patch
  FreeBSD 2.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_freebsd _2.x_security_patch.tar.gz


• Talentsoft webplus_freebsd_3.x_security_patch
  FreeBSD 3.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_freebsd _3.x_security_patch.tar.gz


• Talentsoft webplus_linux_dynamic_security_patch
  Linux libc5
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_linux_d ynamic_security_patch.tar.gz


• Talentsoft webplus_linux_static_security_patch
  Red Hat Linux 4.x - 5.x
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_linux_s tatic_security_patch.tar.gz


• Talentsoft webplus_security_patch
  Windows 9x, NT, 2000
  ftp://ftp.talentsoft.com/download/webplus/windows/webplus_security_pat ch.exe


• Talentsoft webplus_solaris_sparc_security_patch
  Solaris Sparc
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_solaris _sparc_security_patch.tar.gz


• Talentsoft webplus_solaris_x86_security_patch
  Solaris x86
  ftp://ftp.talentsoft.com/download/webplus/unix/patches/webplus_solaris _x86_security_patch.tar.gz

Talentsoft Web+ Internal IP Address Disclosure Vulnerability

References:

• TalentSoft Homepage (TalentSoft)
  
• Talentsoft Knowledge Base (Talentsoft)