Network Security Vuln-Dev
Subject: Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password
Date: Fri, 26 May 2006 21:27:07 +0200
Advisory Name                   Open-Xchange defaultuser with /bin/bash
Vendor                          Open-Xchange Inc.
Product                         Open-Xchange
Version                         < 0.8.2
Author                          Cemil Degirmenci
Risk                            high


o Description:
=======================

The OPEN-XCHANGE Collaboration and Integration Server Environment allows
you to store appointments, contacts, tasks, email messages, bookmarks,
documents, and many more elements, and share them with other users. It
can be accessed via any modern Web browser and multiple fat clients such as
MS Outlook, Palm devices, KDE Kontact, Apple's iCal, Konqueror, Mozilla
Calendar, and many more, based on open standards and interfaces. Third
party products can access this application over many different
interfaces such as WebDAV (XML), LDAP, iCal, an API, and HTTP/S.


o Vulnerability
=======================

There is a default user with the username "mailadmin" and the password
"secret" in the Open-Xchange LDAP directory. The entry is created with
an interactive login shell (/bin/bash) and a cleartext userPassword:

dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=example,dc=org
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: OXUserObject
uidNumber: 1001
homeDirectory: /home/mailadmin/
loginShell: /bin/bash
mailEnabled: OK
gidNumber: 500
mailDomain: example.org
ou: Administration
uid: mailadmin
sn: Admin
preferredLanguage: EN
mail: mailadmin@example.org
o: Example Organization
smtpServer: localhost
imapServer: localhost
alias: postmaster@example.org
alias: root@example.org
givenName: Admin
cn: Admin Admin
shadowMin: 0
shadowMax: 9999
shadowWarning: 7
shadowExpire: 0
userPassword: secret
OXAppointmentDays: 5
OXGroupID: 500
OXTaskDays: 5
OXTimeZone: Europe/Berlin

This vulnerability only appears in the open-source version of Open-Xchange.

o Solution
=======================
Be aware of this account before you activate Unix authentication against
the Open-Xchange LDAP directory, and change the password and login shell
of this user. Do not trust default installations at all.
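As an added example (not part of the advisory), the following Python script audits an LDIF export for exactly the conditions described above: an entry whose userPassword is a cleartext value from a list of known defaults, or whose loginShell is an interactive shell. For each finding it emits a `changetype: modify` record applying the recommended fix. The sample LDIF is constructed from the advisory's entry; the `ldapsearch` export command and `/sbin/nologin` as the replacement shell are assumptions.

```python
# Added example, not the advisory's code: audit an LDIF export for accounts with a
# known default password or an interactive login shell, and emit the fixing LDIF.
# Assumes export via: ldapsearch -x -b "ou=Users,ou=OxObjects,dc=example,dc=org"
# SAMPLE_LDIF is constructed: the advisory's entry, trimmed, plus one safe account.
KNOWN_DEFAULT_PASSWORDS = {"secret"}  # the default named in the advisory
INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/bin/ksh"}
NOLOGIN_SHELL = "/sbin/nologin"  # assumed replacement shell
SAMPLE_LDIF = """\
dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=example,dc=org
uid: mailadmin
loginShell: /bin/bash
userPassword: secret

dn: uid=alice,ou=Users,ou=OxObjects,dc=example,dc=org
uid: alice
loginShell: /sbin/nologin
userPassword: {SSHA}constructed-hash-value
"""

def parse_ldif(text):
    """Minimal LDIF parser: blank-line separated entries of 'attr: value' lines."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    return entries + ([current] if current else [])

def find_risky_accounts(entries):
    """Return [(dn, reasons)] for entries matching the advisory's conditions."""
    findings = []
    for e in entries:
        reasons = []
        # Hashed values start with "{SCHEME}"; a bare value is cleartext.
        if any(not pw.startswith("{") and pw in KNOWN_DEFAULT_PASSWORDS
               for pw in e.get("userPassword", [])):
            reasons.append("known default password")
        if set(e.get("loginShell", [])) & INTERACTIVE_SHELLS:
            reasons.append("interactive login shell")
        if reasons:
            findings.append((e["dn"][0], reasons))
    return findings

def remediation_ldif(dn, new_password_hash):
    """LDIF modify record: replace the password and disable the login shell."""
    return (f"dn: {dn}\nchangetype: modify\nreplace: userPassword\nuserPassword: "
            f"{new_password_hash}\n-\nreplace: loginShell\nloginShell: {NOLOGIN_SHELL}\n")
```

Feed the emitted record to `ldapmodify` with a real password hash in place of the placeholder.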


o Reference
=======================
http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815


o Notes
=======================
The vendor was informed on 2006-05-18. A news item also appeared on the German
news site golem.de on 2006-05-19 (http://www.golem.de/0605/45407.html).

--
Wavecon IT-Solutions GbR
Frankenstrasse 9 - 90762 Fuerth
Email: support@wavecon.de - Web: http://www.wavecon.de
