Secunia Security Advisory - Ziv Kamir has reported some vulnerabilities in Keene Digital Media Server, which can be exploited by malicious people to retrieve sensitive information and perform administrative tasks. The vulnerabilities have been reported in version 1.0.2. Other versions may also be affected.
93ca61e3f228e0e110b9d19feec0dba3de5b6f4c2b36f24951786570cd98bfaf
TITLE:
Keene Digital Media Server Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA12272
VERIFY ADVISORY:
https://secunia.com/advisories/12272/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
Keene Digital Media Server 1.x
https://secunia.com/product/3778/
DESCRIPTION:
Ziv Kamir has reported some vulnerabilities in Keene Digital Media
Server, which can be exploited by malicious people to retrieve
sensitive information and perform administrative tasks.
1) Keene Digital Media Server stores passwords in clear text in the
file "dmscore.db" in the installatio directory. This may disclose
sensitive information to malicious local users.
2) An input validation error within the processing of HTTP requests
can be exploited to retrieve arbitrary files via directory traversal
attacks where the URL encoded representation of the "../" character
sequence is used.
Example:
https://[victim]/dms/%2e%2e/%2e%2e/dmscore.db
This can be exploited by malicious people in combination with the
first vulnerability to gain knowledge of adminsitrative passwords.
3) It is possible to bypass the user authentication and perform
adminsitrative tasks by accessing the script "/dms/adminusers.kspx"
directly.
The vulnerabilities have been reported in version 1.0.2. Other
versions may also be affected.
SOLUTION:
The vendor has stated that the vulnerabilities will be fixed in an
upcoming version 1.0.4.
PROVIDED AND/OR DISCOVERED BY:
Ziv Kamir
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
https://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
https://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed