Chetcpasswd Multiple Vulnerabilities

Bugtraq ID:	21102
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Nov 15 2006 12:00AM
Updated:	Nov 17 2006 12:06AM
Credit:	Bas Zoetekouw is credited with the discovery of these vulnerabilities.
Vulnerable:	Squid Analysis Report Generator Project Chetcpasswd 2.3.3 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha
Not Vulnerable:

Chetcpasswd Multiple Vulnerabilities

Chetcpasswd is prone to multiple vulnerabilities. These issues include an information-disclosure vulnerability and an authentication-bypass vulnerability.

An attacker may exploit these issues to gain unauthorized access to the affected computer and gain access to sensitive information.

Chetcpasswd Multiple Vulnerabilities

An attacker can exploit these issues via a web client.

Chetcpasswd Multiple Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Chetcpasswd Multiple Vulnerabilities

References:

• Debian Bug report logs 394454 (uses HTTP_X_FORWARDED_FOR for authentication (and (Debian)
  
• Vendor Home Page (Squid Analysis Report Generator Project)