[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030401132354.25671.qmail@web40603.mail.yahoo.com>
Date: Tue, 1 Apr 2003 14:23:54 +0100 (BST)
From: Ben Maynard <liliafan@...oo.co.uk>
To: bugtraq@...urityfocus.com
Subject: Viewpoint Server
-------------------------------
Application: Viewpoint Server
Vendor: DS Ltd
Language: Shell
OS: Unixes
Discovered: Ben Maynard
<bmaynard(at)voodoox(dot)net>
-------------------------------
Application Description:
Viewpoint server is a web application that allow users
to view catalogs at their local library, additionally
viewpoint allows users to reserve books and even query
their accounts to see what they have in the way of
fines and outstanding books.
Application Problem:
When a user queries the database the application
creates a file in the /tmp directory which is then
read and printed to the screen, this filename is
passed in clear text to the browser, this allows the
user to enter any file name their choose including,
"/etc/passwd".
The security implications of this are obvious, it is
also possible to read the database data devices
through the browser so the possibility exists for a
users to write an interface to translate these files,
thus getting personal details on the users in that
library district.
Exploit Severity:
Severe ability to read the majority of files on the
system and the ability to exploit the database to
personal details on all users.
As a additional problem this software is used by the
majority of internet connected libraries in the united
kingdom.
Action Taken:
I notified the authors through my local library > 5
months ago, 40 days ago the problem still existed so I
contacted DS directly and spoke to the author he
promised a fix I checked today and it appears to have
been quitely fixed.
__________________________________________________
Yahoo! Plus
For a better Internet experience
http://www.yahoo.co.uk/btoffer
Powered by blists - more mailing lists