SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Tarantella
Vendors:   Tarantella, Inc.
Tarantella Session Routing Flaw May Send Keypresses From One User to Another User's Session
SecurityTracker Alert ID:  1006981
SecurityTracker URL:  http://securitytracker.com/id/1006981
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 13 2003
Impact:   Modification of user information
Vendor Confirmed:  Yes  
Version(s): 3.3x, 3.2x, 3.1x, and 3.0x
Description:   A vulnerability was reported in Tarantella Enterprise 3. Keypress actions may be sent from one user's client to another user's emulator session.

It is reported that the user may be able to inadvertently control the target user's application, resulting in 'data loss'. This is due to the keypresses from one client device being sent to the wrong application server.

This flaw reportedly can be triggered when the 'Maximum Users Per Engine' setting is changed from the default value of '1' to a larger value.

[Editor's note: It is not clear from the advisory whether a user's keypresses can be sent to a specific target user's session or only to a random user session.]

Impact:   An authenticated remote user may be able to cause keypresses to be sent to another user's emulator session.
Solution:   No solution was available at the time of this entry. However, the vendor plans to correct the vulnerability in the next release of the software.

As a workaround, an administrator can reset the 'Maximum Users Per Engine' setting to the default value (1) by running the following command (as root):

/opt/tarantella/bin/tarantella config edit --xpe-maxusers 1 --cpe-maxusers 1
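Because the exposure only appears when the setting drifts away from 1, an administrator will want a repeatable check rather than a one-off edit. The following POSIX shell function is an added example, not code from the SecurityTracker entry or the Tarantella bulletin: it reads the current values of the two attributes the workaround sets and fails when either is not 1. It assumes that `tarantella config list --xpe-maxusers --cpe-maxusers` prints one `--<attribute> <value>` pair per line; that format is an assumption, and the sample output embedded below is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bulletin): audit the two 'Maximum Users Per
# Engine' attributes that the documented workaround sets to 1.
#
# ASSUMPTION: `tarantella config list --xpe-maxusers --cpe-maxusers` prints
# one "--<attribute> <value>" pair per line. Adjust the parser if the
# installed release prints a different layout.

# check_maxusers: read config output on stdin; return 0 when both
# --xpe-maxusers and --cpe-maxusers are present and equal to 1, else 1.
check_maxusers() {
    bad=0
    have_xpe=0
    have_cpe=0
    while read -r name value; do
        case "$name" in
            --xpe-maxusers) have_xpe=1 ;;
            --cpe-maxusers) have_cpe=1 ;;
            *) continue ;;          # ignore unrelated attributes
        esac
        if [ "$value" != "1" ]; then
            echo "WARN: $name is '$value' (expected 1)" >&2
            bad=1
        fi
    done
    if [ "$have_xpe" -ne 1 ] || [ "$have_cpe" -ne 1 ]; then
        echo "WARN: one or both maxusers attributes missing from output" >&2
        return 1
    fi
    return "$bad"
}

# audit_text: run the check over a block of text (used for the samples).
audit_text() {
    printf '%s\n' "$1" | check_maxusers
}

# Constructed sample outputs: a server with the risky non-default setting
# and a server that matches the workaround.
SAMPLE_RISKY='--xpe-maxusers 5
--cpe-maxusers 1'
SAMPLE_SAFE='--xpe-maxusers 1
--cpe-maxusers 1'

# Live usage on a Tarantella host (run as root):
#   /opt/tarantella/bin/tarantella config list --xpe-maxusers --cpe-maxusers \
#       | check_maxusers && echo "maxusers OK"
```

Run from cron or a configuration-audit job, a non-zero exit is the signal that someone has raised the per-engine user count again and the workaround needs to be re-applied.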

Vendor URL:  www.tarantella.com/security/bulletin-07.html
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS)

Message History:   None.


 Source Message Contents

Subject:  Tarantella Security Bulletin #07


http://www.tarantella.com/security/bulletin-07.html

Tarantella reported that a user of Tarantella Enterprise 3 may be able to send keypresses to a target user's emulator session.  The user may be able to inadvertently control the target user's application, resulting in 'data loss'.  This is due to the keypresses from one client device being sent to the wrong application server.

This flaw reportedly can be triggered when the 'Maximum Users Per Engine' setting is changed from the default value of '1'.

Tarantella Enterprise 3, versions 3.3x, 3.2x, 3.1x, and 3.0x are affected on all operating systems.

The vendor plans to correct the vulnerability in the next release of the software.

As a workaround, an administrator can set the 'Maximum Users Per Engine' setting to the default value (of 1) by running the following command (as root):

/opt/tarantella/bin/tarantella config edit --xpe-maxusers 1 --cpe-maxusers 1



-----

Internal reference: FZ604582
Revision history:
   1.1 (June 13, 2003): Bulletin created.


Copyright 2021, SecurityGlobal.net LLC