[NT] JBoot Password Bypassing Vulnerability

support_at_securiteam.com
Date: 04/28/03

  • Next message: support_at_securiteam.com: "[UNIX] Options Parsing Tool Shared Library Vulnerability" 
    To: list@securiteam.com
Date: 28 Apr 2003 11:09:37 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    In the US?

    Contact Beyond Security at our new California office
    housewarming rates on automated network vulnerability
    scanning. We also welcome ISPs and other resellers!

    Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
    - - - - - - - - -

      JBoot Password Bypassing Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

     <http://jdyne.hypermart.net/software/jboot.html> JBoot is "the result of
    several years of our attempts to secure our computer from unwanted
    visitors". The product has been found to be vulnerable to two bypassing
    methods allowing local users unlimited access to the computer.

    DETAILS

    Vulnerable systems:
     * JBoot version 6.1

    Method #1:
    NOTE: When you turn on your computer, it will run 'jboot6.exe' program. It
    will ask you to enter password.

    1. Place any Windows Startup Floppy (95/98/ME)
    2. Boot from it to a DOS prompt.
    3. Type 'c:' and press enter, then type 'cd \jboot'.
    4. Type 'edit syspass.inf', and just delete the password found there.
    5. Restart your computer, it will show you an error to change the
    password, you can simply ignore that, and click enter.

    Method #2:
    1. Place any Windows Startup Floppy (95/98/ME)
    2. Boot from floppy to dos prompt.
    3. Type 'c:\jboot\change.exe', and change the password.
    4. Login with your new password.

    Vendor status:
    The vendor's email support is based on FormMail that is badly configured,
    not allowing you to send comments regarding the product.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:shadowspoof@phreaker.net>
    ShadowSpoof.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: support_at_securiteam.com: "[UNIX] Options Parsing Tool Shared Library Vulnerability"

    Relevant Pages

    • [EXPL] Apache Multiple Space Header DoS (Multi-Threaded Exploit)
      ... The exploit code below is another version of the Apache 2.0.52 DoS ... vulnerability published previously here: ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [EXPL] Suid Application Execution May Give Local Root (Exploit Code)
      ... It is possible for a local user under the FreeBSD operating system to ... For more information about the vulnerability please see: ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [NT] Texis Sensitive Information Leak
      ... housewarming rates on automated network vulnerability ... The Texis program executes files written in Texis Web Script (a.k.a. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [UNIX] Album.pl Vulnerable to Remote Command Execution
      ... housewarming rates on automated network vulnerability ... Vendor Response: ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [NT] GiantRat Mailer Exposes Plain Text POP Password
      ... A vulnerability in the product allows local attackers to gain ... effective 03/13/2003 that scrambles the password in the .ini file. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)