SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   Attachmate Reflection Vendors:   AttachmateWRQ
Reflection for Secure IT Multiple Bugs May Let Local Users Obtain Host Keys or Let Remote Users Access Certain Accounts or Systems
SecurityTracker Alert ID:  1014835
SecurityTracker URL:  http://securitytracker.com/id/1014835
CVE Reference:   CVE-2005-2770, CVE-2005-2771   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Sep 1 2005
Impact:   Disclosure of authentication information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Server Version 6.0
Description:   Several vulnerabilities were reported in Reflection for Secure IT. A local user or remote authenticated user can obtain the host key. A remote user may be able to access a renamed account. Allow/deny lists may not be enforced as intended.

The software does not set proper file permissions on the host private key. A local user or a remote authenticated user can access the host key without having the required administrative privileges. The user can copy this key and then install the key on a malicious server to masquerade as the original server.

If the built-in Microsoft Windows Server 2003 and Microsoft Windows 2000 Server 'Administrator' and 'Guest' accounts have been configured for SSH public key authentication and the accounts are subsequently renamed, then a remote user that had successfully authenticated to the original account names can access the system with their existing key.

The software evaluates regular expressions in a case sensitive manner. However, versions prior to 6.0 evaluated regular expressions in a case insensitive manner. As a result, allow or deny lists created under earlier versions may no longer enforce the intended results in version 6.0.

Impact:   A local user or remote authenticated user can obtain the host key and use this key to masquerade as the target server.

A remote previously authenticated user may be able to access a renamed account.

Allow/deny lists may not be enforced as intended.

Solution:   The vendor has described workaround options for the vulnerabilities. The vendor's advisory is available at:

http://support.wrq.com/techdocs/1867.html

A fix is available for the regular expression vulnerability and the host key permission vulnerability (6.0 Build 24).

Vendor URL:  support.wrq.com/techdocs/1867.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC