BID:51561

Tucan Manager CVE-2012-0063 Plugin Update Security Bypass Vulnerability

Info

Tucan Manager CVE-2012-0063 Plugin Update Security Bypass Vulnerability

Bugtraq ID:	51561
Class:	Access Validation Error
CVE:	CVE-2012-0063
Remote:	Yes
Local:	No
Published:	Jan 18 2012 12:00AM
Updated:	Jan 18 2012 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Tucan Tucan Manager 0.3.9-1

Not Vulnerable:

Discussion

Tucan Manager CVE-2012-0063 Plugin Update Security Bypass Vulnerability

Tucan Manager is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Tucan Manager 0.3.9-1 is vulnerable; other versions may also be affected.

Exploit / POC

Tucan Manager CVE-2012-0063 Plugin Update Security Bypass Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Tucan Manager CVE-2012-0063 Plugin Update Security Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Tucan Manager CVE-2012-0063 Plugin Update Security Bypass Vulnerability

References:

Bug 782999 - (CVE-2012-0063) CVE-2012-0063 tucan: insecure plugin update mechani (Red Hat)
CVE request: tucan insecure plugin update mechanism (GMANE)
Tucan Manager Homepage (Tucan Manager)
tucan: insecure update mechanism (Debian)