Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17541
HistoryJul 19, 2007 - 12:00 a.m.

Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940

2007-07-1900:00:00
vulners.com
29
JSON

Hi all;

The LedgerSMB team is still working on a security advisory which details
the exact nature of the security vulnerability, how to test for it,
etc. We are giving it a couple days to ensure that it is correct and
well edited, and that administrators have a chance to upgrade before the
exploit becomes common knowledge.

This email is designed simply to clarify which versions are affected and
what the scope of the issue. I expect with in a day or two, the full
security advisory will be released.

This particular issue only affects versions 1.2.0 through 1.2.6. Prior
versions, and other programs sharing the SQL-Ledger parentage are not
affected (though there are other security issues with LedgerSMB 1.0.x -
1.1.x.

By passing a specially crafted URL to the program, it is possible to get
it to circumvent the normal authentication checks and instead perform
any other arbitrary action within its own programming. It allows in
particular:
1) Non-authenticated users to gain access to templates, etc. and use
this as a vector for further attacks and
2) Allow legitimate users to masquerade as eachother, and thus make any
evidence of wrongdoing (such as embezzlement) appear to be tied to any
other legitimate user.

This is the most important security vulnerability since 1.1.5 and all
users are advised to upgrade immediately.

Best Wishes,
Chris Travers

JSON