lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 26 May 2006 21:27:07 +0200
From: Cemil Degirmenci <cd@...econ.de>
To: bugtraq@...urityfocus.com
Subject: Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash
 and default password


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory Name			Open-Xchange defaultuser with /bin/bash
Vendor				Open-Xchange Inc.
Product				Open-Xchange
Version				< 0.8.2
Author				Cemil Degirmenci
Risk				high


o Description:
=======================

The OPEN-XCHANGE Collaboration and Integration Server Environment allows
you to store appointments, contacts, tasks, email messages, bookmarks,
documents, and many more elements, and share them with other users. It
can be accessed via any modern Web browser and multiple fat clients like
MS Outlook, Palm devices, KDE Kontact, Apple's iCAL, Konqueror, Mozilla
Calendar, any many more, based on open standards and interfaces. Third
party products can access this application over many different
interfaces such as WebDAV (XML), LDAP, iCal, an API, and HTTP/S


o Vulnerability
=======================

There is a defaultuser with username "mailadmin" and password "secret"
in Open-Xchange-LDAP.

dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=example,dc=org
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: OXUserObject
uidNumber: 1001
homeDirectory: /home/mailadmin/
loginShell: /bin/bash
mailEnabled: OK
gidNumber: 500
mailDomain: example.org
ou: Administration
uid: mailadmin
sn: Admin
preferredLanguage: EN
mail: mailadmin@...mple.org
o: Example Organization
smtpServer: localhost
imapServer: localhost
alias: postmaster@...mple.org
alias: root@...mple.org
givenName: Admin
cn: Admin Admin
shadowMin: 0
shadowMax: 9999
shadowWarning: 7
shadowExpire: 0
userPassword: secret
OXAppointmentDays: 5
OXGroupID: 500
OXTaskDays: 5
OXTimeZone: Europe/Berlin

This vulnerability only appears in the opensource version of Open-Xchange

o Solution
=======================
Be aware before you activate Unix-Authentification against Open-Xchange
and change the password and loginshell of this user. Don't trust
default-installations at all.


o Reference
=======================
http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815


o Notes
=======================
The vendor was informed 2006-05-18. There was also a news on the german
newssite golem.de on 2006-05-19 (http://www.golem.de/0605/45407.html)

- --
Wavecon IT-Solutions GbR
Frankenstrasse 9 - 90762 Fuerth
Email: support@...econ.de - Web: http://www.wavecon.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEd1aLudsr6D13pqsRAoxcAJsGQz5ccJUeLBjLI0gX//t8l2hEYwCgkGb2
ah1cR+Jvf+bClo3zmPUo97k=
=Cba0
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists