CruiseWorks and Minna De Office Access Restrictions Bypass Vulnerability

Bugtraq ID:	23198
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 29 2007 12:00AM
Updated:	Mar 29 2007 12:00AM
Credit:	Ishikawa Hiroshi is credited with the discovery of this issue.
Vulnerable:	Kynos Logic CruiseWorks 1.09e Kynos Logic CruiseWorks 1.09d Kynos Logic CruiseWorks 1.09c Kynos Logic CruiseWorks 1.09b Kynos Logic CruiseWorks 1.09a Asian Technology Co, LTD. Minna De Office 2.0 Asian Technology Co, LTD. Minna De Office 1.12
Not Vulnerable:	Kynos Logic CruiseWorks 1.09f

CruiseWorks and Minna De Office Access Restrictions Bypass Vulnerability

CruiseWorks and Minna De Office are prone to a vulnerability that allows attackers to bypass access restrictions. This issue occurs because they fail to implement adequate access restrictions.

An attacker can exploit this issue to modify certain system configurations. Other attacks may also be possible.

This issue affects CruiseWorks 1.09e and Minna De Office 2.0, 1.12, and prior versions; other versions may also be affected.

CruiseWorks and Minna De Office Access Restrictions Bypass Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

CruiseWorks and Minna De Office Access Restrictions Bypass Vulnerability

Solution:
Kynos Logic has released a fix for CruiseWorks. Please see the references for more information.


Kynos Logic CruiseWorks 1.09c

• Kynos Logic Fcws-v1_09f.exe
  http://www.worldlingo.com/wl/services/SiLVb2DaMEWzgkcYUYo2vDetmEalD8SQ f/translation?wl_srclang=ja&wl_trglang=en&wl_rurl=http%3A%2F%2Fwww.kyn os.co.jp%2Fcws-support%2Fcws%2Fcwsdownload_upinfo1_09f.html&wl_url=htt p%3A%2F%2Fwww.kynos.co.jp%2Fcgi-bin%2Fdownload%2Fdlp.cgi%2Fcws-v1_09f. exeFcws-v1_09f.exe

Kynos Logic CruiseWorks 1.09e

• Kynos Logic Fcws-v1_09f.exe
  http://www.worldlingo.com/wl/services/SiLVb2DaMEWzgkcYUYo2vDetmEalD8SQ f/translation?wl_srclang=ja&wl_trglang=en&wl_rurl=http%3A%2F%2Fwww.kyn os.co.jp%2Fcws-support%2Fcws%2Fcwsdownload_upinfo1_09f.html&wl_url=htt p%3A%2F%2Fwww.kynos.co.jp%2Fcgi-bin%2Fdownload%2Fdlp.cgi%2Fcws-v1_09f. exeFcws-v1_09f.exe

Kynos Logic CruiseWorks 1.09a

• Kynos Logic Fcws-v1_09f.exe
  http://www.worldlingo.com/wl/services/SiLVb2DaMEWzgkcYUYo2vDetmEalD8SQ f/translation?wl_srclang=ja&wl_trglang=en&wl_rurl=http%3A%2F%2Fwww.kyn os.co.jp%2Fcws-support%2Fcws%2Fcwsdownload_upinfo1_09f.html&wl_url=htt p%3A%2F%2Fwww.kynos.co.jp%2Fcgi-bin%2Fdownload%2Fdlp.cgi%2Fcws-v1_09f. exeFcws-v1_09f.exe

Kynos Logic CruiseWorks 1.09d

• Kynos Logic Fcws-v1_09f.exe
  http://www.worldlingo.com/wl/services/SiLVb2DaMEWzgkcYUYo2vDetmEalD8SQ f/translation?wl_srclang=ja&wl_trglang=en&wl_rurl=http%3A%2F%2Fwww.kyn os.co.jp%2Fcws-support%2Fcws%2Fcwsdownload_upinfo1_09f.html&wl_url=htt p%3A%2F%2Fwww.kynos.co.jp%2Fcgi-bin%2Fdownload%2Fdlp.cgi%2Fcws-v1_09f. exeFcws-v1_09f.exe

Kynos Logic CruiseWorks 1.09b

• Kynos Logic Fcws-v1_09f.exe
  http://www.worldlingo.com/wl/services/SiLVb2DaMEWzgkcYUYo2vDetmEalD8SQ f/translation?wl_srclang=ja&wl_trglang=en&wl_rurl=http%3A%2F%2Fwww.kyn os.co.jp%2Fcws-support%2Fcws%2Fcwsdownload_upinfo1_09f.html&wl_url=htt p%3A%2F%2Fwww.kynos.co.jp%2Fcgi-bin%2Fdownload%2Fdlp.cgi%2Fcws-v1_09f. exeFcws-v1_09f.exe

CruiseWorks and Minna De Office Access Restrictions Bypass Vulnerability

References:

• Vendor Homepage (Kynos Logic)
  
• Vendor Homepage (Asian Technology Co, LTD.)
  
• JVN#73258608 (JP Vendor Status Notes)