SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Multimedia)  >   Keene Digital Media Server Vendors:   Keene Software Corporation
Keene Digital Media Server Discloses Files and Passwords to Remote Authenticated Users
SecurityTracker Alert ID:  1010928
SecurityTracker URL:  http://securitytracker.com/id/1010928
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 11 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.0.2
Description:   Ziv Kamir of Global Security Solution IT reported several vulnerabilities in the Keene Digital Media Server. A remote user can view files on the target system. A remote authenticated user can perform administrative tasks. A local user can view passwords.

It is reported that a remote user can view arbitrary files on the target system with the privileges of the Keene Digital Media Server by supplying a specially crafted request containing encoded directory traversal characters. A demonstration exploit URL is provided:

http://127.0.0.1:8080/dms/%2e%2e/%2e%2e/dmscore.db

A remote authenticated user can perform administrative functions with the following type of URL:

http://127.0.0.1:8080/dms/adminusers.kspx

It is also reported that a local user can view usernames and passwords stored in the following file:

\Program Files\Keene Software\Digital Media Server\dmscore.db

The vendor was reportedly notified on August 4, 2004.

Impact:   A remote user can view files on the target system with the privileges of the Keene Digital Media Server.

A remote authenticated user can perform administrative tasks.

A local user can view passwords.

Solution:   The vendor plans to release a fixed version (1.0.4), to be available shortly at:

http://www.keenesoftware.com/

Vendor URL:  www.keenesoftware.com/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Keene Digital Media Server


--0-1804598178-1092219546=:2555
Content-Type: multipart/alternative; boundary="0-841080424-1092219546=:2555"

--0-841080424-1092219546=:2555
Content-Type: text/plain; charset=us-ascii

  
		
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
--0-841080424-1092219546=:2555
Content-Type: text/html; charset=us-ascii

 
 <p>
		<hr size=1>Do you Yahoo!?<br>
<a href="http://us.rd.yahoo.com/mail_us/taglines/50x/*http://promotions.yahoo.com/new_mail/static/efficiency.html">Yahoo! Mail</a> - 50x more storage than other providers!
--0-841080424-1092219546=:2555--
--0-1804598178-1092219546=:2555
Content-Type: text/plain; name="DMS.txt"
Content-Description: DMS.txt
Content-Disposition: inline; filename="DMS.txt"

11/08/04


====================================
 GSSIT - Global Security Solution IT
====================================				

-------------------------------------------------------

Application: Keene Digital Media Server 
Web Site:    http://www.keenesoftware.com/
Versions:    1.0.2
Platform:    Windows
Bugs:        1) Clear Text Passwords .
             2) Directory Traversal .
             3) Authorization .


Credits:
########

#########################################
#         ==  Ziv Kamir ==              #
#                                       #
# GSSIT - Global Security Solution IT   #                   
#                                       #
#     Email : gss_it@yahoo.com          #
#                                       #
#                                       #
#########################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


===============
1) Introduction
===============

Keene Digital Media Server is the easiest way to 
share or view your library of digital pictures, music, videos or any computer files over the web. 


=======
2) Bugs
=======

1)

Keene Digital Media Server stores usernames and passwords in clear text under :

\Program Files\Keene Software\Digital Media Server\dmscore.db

3) 

Any authenticated user can Perform Administrative Tasks.



===========
3) The Code
===========

2) http://127.0.0.1:8080/dms/%2e%2e/%2e%2e/dmscore.db

3) http://127.0.0.1:8080/dms/adminusers.kspx


===========
4) The Fix
===========

Date of Vendor Notification:

04-08-04

Status:

08-08-04
  
This is being addressed in our next patch release, 1.0.4, which should be released in about a week or so.


==============================================================================================

                 *** The Data is for educational purpose only. *** 

     The information in this bulletin is provided "AS IS" without warranty of any 
     kind. In no event shall we be liable for any damages whatsoever including 
     direct, indirect, incidental, consequential, loss of business profits or special damages. 

==============================================================================================
--0-1804598178-1092219546=:2555--
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC