| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jan 2012 15:15:38 GMT From: ddivulnalert@...frontline.com To: bugtraq@...urityfocus.com Subject: DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass Title ----- DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass Severity -------- High Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@...$ Date Discovered --------------- December 7, 2011 Vulnerability Description ------------------------- The 'LoginServlet' page on port 9000 of the SolarWinds Storage Manager Server is vulnerable to a SQL injection within the 'loginName' field. An attacker can leverage this flaw to bypass authentication to the Storage Manager application or to execute arbitrary SQL commands and extract sensitive information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system. Solution Description -------------------- SolarWinds has not yet provided a patch to address the issue. Digital Defense, Inc. recommends restricting access to the affected port until an update has been produced by the vendor. Tested Systems / Software ------------------------- 32-bit SolarWinds Storage Manager Server version 5.1.2 on Windows 2003 Vendor Contact -------------- Name: SolarWinds Website: http://www.solarwinds.com/
Powered by blists - more mailing lists