CVE-2005-3280
CVSS7.5
Published: 2005-10-23 06:02:00
Revised: 2008-09-05 16:53:57
NMCOS

[Original] Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges.


[CNNVD] Paros HSQLDB Remote Authentication Bypass Vulnerability (CNNVD-200510-171)

Paros Proxy is a proxy program for assessing vulnerabilities in web applications.
Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges.

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [performance degradation or interrupted access to resources is possible]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [no authentication required for exploitation]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3280
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3280
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-171
(official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/22557
(PATCH)  XF  paros-password-security-bypass(22557)
http://www.zone-h.com/en/advisories/read/id=8286/
(VENDOR_ADVISORY)  MISC  http://www.zone-h.com/en/advisories/read/id=8286/
http://www.securityfocus.com/bid/15141
(PATCH)  BID  15141
http://secunia.com/advisories/17089
(VENDOR_ADVISORY)  SECUNIA  17089
http://www.securityfocus.com/archive/1/archive/1/423446/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060130 Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password
http://www.gentoo.org/security/en/glsa/glsa-200601-15.xml
(UNKNOWN)  GENTOO  GLSA-200601-15
http://secunia.com/advisories/18626
(UNKNOWN)  SECUNIA  18626

- Vulnerability information

Paros HSQLDB Remote Authentication Bypass Vulnerability
High Design Error
2005-10-23 00:00:00 2005-10-24 00:00:00
Remote
Paros Proxy is a proxy program for assessing vulnerabilities in web applications.
Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges.

- Advisories and patches

The vendor has released an upgrade that fixes this security issue. Download links:
        Paros Paros 3.2.5
        Paros paros-3.2.6-unix.zip
        http://prdownloads.sourceforge.net/paros/paros-3.2.6-unix.zip
        Paros paros-3.2.7-src.zip
        http://prdownloads.sourceforge.net/paros/paros-3.2.7-src.zip?download
        Paros Paros 3.2.6
        Paros paros-3.2.7-src.zip
        http://prdownloads.sourceforge.net/paros/paros-3.2.7-src.zip?download

- Vulnerability information

19884
ParosProxy hsqldb Default Blank sa Password
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Unknown

- Vulnerability description

ParosProxy contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when hsqldb starts due to listening on all interfaces with a default password, which will disclose database content information resulting in a loss of confidentiality.

- Timeline

2005-10-07 2005-10-03
Unknown Unknown

- Solution

Upgrade to version 3.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Credits

Unknown or Incomplete

- Vulnerability information

Paros HSQLDB Remote Authentication Bypass Vulnerability
Design Error 15141
Yes No
2005-10-19 12:00:00 2006-02-07 08:54:00
FortConsult ApS is credited with the discovery of this vulnerability. Marc Schoenefeld <marc.schoenefeld@gmx.org> is credited with pointing out the localhost attack scenario.

- Affected program versions

Paros Paros 3.2.6
Paros Paros 3.2.5
Gentoo Linux
Paros Paros 3.2.7
Paros Paros 3.2.6

- Unaffected program versions

Paros Paros 3.2.7
Paros Paros 3.2.6

- Vulnerability discussion

Paros is prone to a remote authentication-bypass vulnerability.

This issue may result in the disclosure of sensitive information, and possible execution of commands on the victim machine.

Paros version 3.2.5 is affected; earlier versions may also be vulnerable.

Update: version 3.2.6 was released and addresses this issue for remote computers, because the database now listens only on localhost by default. Local users can still connect, since the default username 'sa' with a blank password is still used.

- Exploit

An exploit is not required.

- Solution

The vendor has released version 3.2.7 to address this issue. Version 3.2.7 uses the database in-process, and remote/localhost access is no longer possible.

Gentoo Linux has released security advisory GLSA 200601-15 addressing this issue. Gentoo recommends that all Paros users upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/paros-3.2.8"
Paros Paros 3.2.5

Paros Paros 3.2.6

- References
