H-Sphere Control Panel Insecure Logfile Permissions Vulnerability
BID:21436
Info
H-Sphere Control Panel Insecure Logfile Permissions Vulnerability
| Bugtraq ID: | 21436 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 05 2006 12:00AM |
| Updated: | Dec 05 2006 04:09PM |
| Credit: | fireD discovered this issue. |
| Vulnerable: |
Positive Software Corporation H-Sphere 2.4.3 |
| Not Vulnerable: |
Positive Software Corporation H-Sphere 2.5 RC3 |
Discussion
H-Sphere Control Panel Insecure Logfile Permissions Vulnerability
H-Sphere Control Panel creates logfiles with permissions. A local attacker may exploit this issue to gain elevated privileges, potentially facilitating a compromise of the system.
H-Sphere Control Panel version 2.4.3 is reportedly vulnerable; other versions may be affected as well.
H-Sphere Control Panel creates logfiles with permissions. A local attacker may exploit this issue to gain elevated privileges, potentially facilitating a compromise of the system.
H-Sphere Control Panel version 2.4.3 is reportedly vulnerable; other versions may be affected as well.
Exploit / POC
H-Sphere Control Panel Insecure Logfile Permissions Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
H-Sphere Control Panel Insecure Logfile Permissions Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
H-Sphere Control Panel Insecure Logfile Permissions Vulnerability
References:
References:
- H-Sphere Homepage (Positive Software)