SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Timbuktu Vendors:   Netopia
Netopia Timbuktu Remote Access Software Lets Users Without Administrator Privileges Modify User Account Restrictions
SecurityTracker Alert ID:  1003637
SecurityTracker URL:  http://securitytracker.com/id/1003637
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 22 2002
Impact:   Modification of system information, User access via network
Exploit Included:  Yes  
Version(s): Timbuktu Pro 4.5 Build 869
Description:   A vulnerability was reported in Netopia's Timbuktu remote access software. A user can modify user account restrictions and grant administrator privileges to known user accounts.

It is reported that Timbuktu stores user privilege configuration information in the 'tb2.plu' file, typically located in the \Programme\Timbuktu Pro\ directory. Usernames are apparently stored in clear text. Access to the file is apparently not restricted, allowing a user to replace the tb2.plu file with a file containing an arbitrary username and password combination and specifying no restrictions. This will allow the user to login with the arbitrary username and be granted full administrator privileges.

Impact:   A remote user with a valid login credentials can change the Timbuktu configuration file to modify a user account to grant full administrator privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.netopia.com/en-us/software/products/tb2/index.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  DR.Timbuktu.Database.Insecurity


This is a multi-part message in MIME format.
--------------0DAFC72479EC5C752A167BF8
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

http://packetstorm.widexs.nl/advisories/misc/timbuktu.txt
--------------0DAFC72479EC5C752A167BF8
Content-Type: text/plain; charset=us-ascii;
 name="timbuktu.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="timbuktu.txt"



    o0O Digital_Rebels O0o
     
        - Advisory #1 -


--[Facts]--

 Advisory      :   DR.Timbuktu.Database.Insecurity

 Date          :   19.02.02
 
 Application   :   Timbuktu Pro 4.5 Build 869
                   (former versions are likely to be affected, too)

 Impact        :   Overriding User-Database 

 Author        :   Ernesto Tequila


--[Introduction]--

</snip>

For IT professionals, Timbuktu Pro means the best 
remote control technology for reducing the Total 
Cost of Ownership, while simultaneously increasing 
productivity across the enterprise. For telecommuters, 
Timbuktu is an indispensable remote collaboration and 
communications tool that enables professionals to 
connect to remote machines in real time.

</snap>

--[Advisory]--

Timbuktu is a Remote Access Server / Client for Windows
and Mac environments. It gives the user control over 
the server according to it's restrictions set in the 
User-Database of the server. All user information is 
stored on the server side in a file called tb2.plu which 
normally resides in <device>:\Programme\Timbuktu Pro.
Timbuktu stores the usernames in cleartext in this file
giving anyone the possibility to look up user accounts.
Even more critical is the point that this file is not
locked during the operation of the server, giving 
intruders the possibility to replace the tb2.plu file
with one created at home with a known username / 
password combination and no restrictions at all. After
a restart of the Timbuktu application it reads the new
user / passes from the file, granting the intruder full 
administrator access!

--[Patch]--

No patch available at the moment

Check www.netopia.com for updates!

--[Contact]--

Ernesto Tequila <ernesto@digreb.de>

www.digreb.de

--[Shouts]--

..:: DigReb, HDC, THC ::..

..:: Rolex, xaitax, Lazarus, Leh, Semmel, marts, hb-man ::..


--------------0DAFC72479EC5C752A167BF8--



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC