InfoVista VistaPortal Discloses Files and Path to Remote Users
SecurityTracker Alert ID: 1015669
SecurityTracker URL: http://securitytracker.com/id/1015669
Date: Feb 23 2006
Disclosure of system information, Disclosure of user information
Fix Available: Yes  Vendor Confirmed: Yes
Version(s): 2.0 Build 20087
A vulnerability was reported in InfoVista VistaPortal. A remote user can view arbitrary files on the target system.
A remote user can supply a specially crafted URL to view files on the target system. Because the software runs with root user privileges (on Solaris), any file can be viewed.
A remote user can specify a non-existent server in the server field to cause the server to disclose the full directory path.
The vendor was notified on January 20, 2006.
P Robinson of IRM discovered this vulnerability.
A remote user can view arbitrary files on the target system.
A remote user can determine the installation path.
The vendor has issued a hotfix (IV00038969) for the directory traversal vulnerability.
No solution for the path disclosure vulnerability was available at the time of this entry.
Vendor URL: www.infovista.com/products/product_list.asp#vistaportal
Access control error
Underlying OS: UNIX (Solaris - SunOS), Windows (2000)
Source Message Contents
Subject: IRM 017: Multiple Vulnerabilities in Infovista Portal SE
IRM Security Advisory No. 017
Multiple Vulnerabilities in Infovista Portal SE
Vulnerability Type / Importance: Directory Traversal / High
Information Leakage / Low
Problem Discovered: January 20th 2006
Vendor Contacted: January 20th 2006
Advisory Published: February 22nd 2006
VistaPortal enables secure, browser-based access to service-centric
performance information. The easy implementation, display and design of
Portal-based dashboards and reports give accurate visibility into the
performance of the entire global IT infrastructure. VistaPortal allows users
to simultaneously view Key Performance Indicators (KPIs), real-time
performance notifications and strategic business information, from which
users can drill down to related real-time and historical reports residing in
VistaMart, the InfoVista Server and VistaTroubleshooter. VistaPortal
delivers rich, interactive content within a standards-based, open
architecture that allows seamless integration with existing applications and
easy incorporation of information into other Web Portals.
PortalSE allows a remote attacker to read any file on the filesystem as it
runs with root privileges by default. It is also susceptible to a directory
During a recent research engagement IRM found multiple vulnerabilities in the
Infovista PortalSE software. Using specially crafted URLs it is possible to
read any file on the filesystem. This is due to the product running with
super-user privileges so it is possible to gain the system's password
Additionally, when selecting a non-existent server in the server field then
the response reveals a full directory path, which can be useful to an
attacker in fingerprinting the underlying operating system and directory
An error occured while accessing the report '<nonexistentserver>_31457':
No Such Report Generated For You
(No such file or directory)
(No such file or directory)
Vendor & Patch Information:
The vendor has released a hotfix for the directory traversal issue
(IV00038969) which should be applied. The vendor does not deem the
information leakage of the directory path an issue and has not released a
hotfix for this.
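As an added illustration (not code from IRM or InfoVista), the Python below shows the two server-side checks that address this advisory's findings: a user-supplied report name is decoded, inspected and resolved under the report directory before any file is opened, and the error returned to the browser names the report but not the on-disk path. The report directory and the report names are assumptions constructed for the example.

```python
import logging
import os
from urllib.parse import unquote

# Assumed install location for the example; the real product path is not on the page.
REPORT_DIR = "/srv/vistaportal/reports"
log = logging.getLogger("vistaportal.reports")


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable, so "%252e%252e" becomes ".." before it is inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("excessive percent-encoding nesting")


def resolve_report_path(requested: str, base_dir: str = REPORT_DIR) -> str:
    """Map a user-supplied report name to a file under base_dir, or raise ValueError.

    Rejects NUL bytes, absolute paths, backslash separators (Windows is listed as
    affected) and any ".." component, then confirms the resolved real path still
    lies under base_dir so a symlink cannot escape it either.
    """
    name = fully_decode(requested).replace("\\", "/")
    if not name or "\x00" in name or name.startswith("/"):
        raise ValueError("invalid report name")
    if any(part == ".." for part in name.split("/")):
        raise ValueError("report name escapes the report directory")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("report name escapes the report directory")
    return target


def is_safe_report_name(requested: str) -> bool:
    """True when resolve_report_path accepts the name, False when it rejects it."""
    try:
        resolve_report_path(requested)
    except ValueError:
        return False
    return True


def report_error_response(report_name: str, exc: OSError) -> str:
    """Keep the OS path and errno text in the server log; the browser sees only the report name."""
    log.warning("report %r failed: %s (%s)", report_name, exc.strerror, exc.filename)
    return (f"An error occurred while accessing the report '{report_name}': "
            "No Such Report Generated For You")
```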
PortalSE 2.0 Build 20087 on Solaris 8
Research & Advisory: P Robinson
All information in this advisory is provided on an 'as is' basis in the hope
that it will be useful. Information Risk Management Plc is not responsible
for any risks or occurrences caused by the application of this information.