lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <9DCDA305-52C7-4E6F-AF4F-A02C56357F38@ddifrontline.com>
Date: Mon, 23 Jan 2012 09:19:10 -0600
From: ddivulnalert <ddivulnalert@...frontline.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DDIVRT-2011-39 SolarWinds Storage Manager Server
	SQL Injection Authentication Bypass

Title
-----
DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection
Authentication Bypass

Severity
--------
High

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: r@...$

Date Discovered
---------------
December 7, 2011

Vulnerability Description
-------------------------
The 'LoginServlet' page on port 9000 of the SolarWinds Storage Manager
Server is vulnerable to a SQL injection within the 'loginName' field.
An attacker can leverage this flaw to bypass authentication to the
Storage Manager application or to execute arbitrary SQL commands and
extract sensitive information from the backend database using standard
SQL exploitation techniques. Additionally, an attacker may be able to
leverage this flaw to compromise the database server host operating
system.

Solution Description
--------------------
SolarWinds has not yet provided a patch to address the issue. Digital
Defense, Inc. recommends restricting access to the affected port until
an update has been produced by the vendor.

Tested Systems / Software 
-------------------------
32-bit SolarWinds Storage Manager Server version 5.1.2 on Windows 2003

Vendor Contact
--------------
Name: SolarWinds
Website: http://www.solarwinds.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ