lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030401132354.25671.qmail@web40603.mail.yahoo.com>
Date: Tue, 1 Apr 2003 14:23:54 +0100 (BST)
From: Ben Maynard <liliafan@...oo.co.uk>
To: bugtraq@...urityfocus.com
Subject: Viewpoint Server


-------------------------------
Application:  Viewpoint Server
Vendor:       DS Ltd
Language:     Shell
OS:           Unixes
Discovered:   Ben Maynard
<bmaynard(at)voodoox(dot)net>
-------------------------------      

Application Description:

Viewpoint server is a web application that allow users
to view catalogs at their local library, additionally
viewpoint allows users to reserve books and even query
their accounts to see what they have in the way of
fines and outstanding books.

Application Problem:

When a user queries the database the application
creates a file in the /tmp directory which is then
read and printed to the screen, this filename is
passed in clear text to the browser, this allows the
user to enter any file name their choose including,
"/etc/passwd".  

The security implications of this are obvious, it is
also possible to read the database data devices
through the browser so the possibility exists for a
users to write an interface to translate these files,
thus getting personal details on the users in that
library district.

Exploit Severity:

Severe ability to read the majority of files on the
system and the ability to exploit the database to
personal details on all users.

As a additional problem this software is used by the
majority of internet connected libraries in the united
kingdom.

Action Taken:

I notified the authors through my local library > 5
months ago, 40 days ago the problem still existed so I
contacted DS directly and spoke to the author he
promised a fix I checked today and it appears to have
been quitely fixed.

__________________________________________________
Yahoo! Plus
For a better Internet experience
http://www.yahoo.co.uk/btoffer


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ