[NEWS] Hughes Billing Incorrect File Permissions Allows Gaining of Elevated Privileges

From: SecuriTeam (support_at_securiteam.com)
Date: 07/31/03

    To: list@securiteam.com
    Date: 31 Jul 2003 14:00:08 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

    Hughes Billing Incorrect File Permissions Allows Gaining of Elevated Privileges
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.hughesware.com/Billing/index.htm> Hughes Billing is an online
    credit card processing product. Hughes Billing offers a secure, real-time
    payment system for web-based businesses. Because of incorrect security
    permissions set on sensitive files used by the product, it is possible to
    gain elevated access (or to gain access to other people's accounts).

    DETAILS

    A vulnerability in Hughes Billing allows remote attackers to gain access
    to two sensitive files, config and htpasswd. These two files contain
    sensitive information (directories, usernames, passwords, etc.) and they
    are not properly protected from being accessed remotely.

    Example config file:
    userid, <unknown>, password file type, full path to the password file

    Example htpasswd file:
    userid, crypt() password
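    A defender-side check for the two exposure conditions described above, added here as an example and not part of the advisory or of the Hughes Billing product: it flags a credential file whose mode grants group/other access, a file that lies inside the web server's document root (and so can be fetched remotely), and users whose stored hash is the traditional 13-character crypt() form. It assumes the colon-separated "userid:hash" layout of Apache htpasswd files and uses constructed sample data and a constructed temporary web root.

```python
import os
import stat
import tempfile

# Constructed sample in the colon-separated "userid:hash" layout of Apache htpasswd files; hashes are made up.
SAMPLE_HTPASSWD = "alice:ab3fGh7kLm9nO\nbob:$apr1$saltsalt$abcdefghijklmnopqrstuv\n"

def exposed_mode_bits(path):
    """Permission bits that grant read or write access to group or other."""
    return os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH)

def under_webroot(path, webroot):
    """True if path resolves inside webroot, i.e. the web server could serve it."""
    p, w = os.path.realpath(path), os.path.realpath(webroot)
    return os.path.commonpath([p, w]) == w

def crypt_style_users(htpasswd_text):
    """User ids whose stored hash is the 13-character traditional crypt() form."""
    weak = []
    for line in htpasswd_text.splitlines():
        if ":" not in line:
            continue
        user, pw = line.split(":", 1)
        if len(pw) == 13 and not pw.startswith("$"):
            weak.append(user)
    return weak

def audit(path, webroot):
    """Return a list of findings for one credential or config file."""
    findings = []
    if exposed_mode_bits(path):
        findings.append("mode %o is readable/writable by group or other" % (os.stat(path).st_mode & 0o777))
    if under_webroot(path, webroot):
        findings.append("file lies inside the web root and may be fetched remotely")
    with open(path) as fh:
        findings.extend("user %s stored with traditional crypt() hash" % u for u in crypt_style_users(fh.read()))
    return findings

def demo():
    """Audit a 0644 copy inside a constructed web root and a 0600 copy outside it."""
    base = tempfile.mkdtemp()
    webroot = os.path.join(base, "htdocs")
    os.mkdir(webroot)
    weak, hardened = os.path.join(webroot, "htpasswd"), os.path.join(base, "htpasswd")
    for p, mode in ((weak, 0o644), (hardened, 0o600)):
        with open(p, "w") as fh:
            fh.write(SAMPLE_HTPASSWD)
        os.chmod(p, mode)
    return audit(weak, webroot), audit(hardened, webroot)
```

    demo() returns three findings for the exposed copy and only the crypt() hash finding for the 0600 copy kept outside the web root; the hash finding remains because moving the file does not fix the weak hash format.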

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:drponidi@indonesia.or.id>
    Dr`Ponidi.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

