[VulnWatch] Nate User Password Disclosed By Anonymous

From: saintlinu (saintlinu_at_yahoo.co.kr)
Date: 08/05/05

    To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>, <full-disclosure@lists.grok.org.uk>
    Date: Fri, 5 Aug 2005 10:55:56 +0800
    
    

    Dear lists

     

    ----------------------[Cut Cut]---------------------------------------------

    Title: Nate User Password Disclosed By Anonymous

    Discoverer: PARK, GYU TAE (saintlinu@null2root.org)

    Advisory No.: NRVA05-06

    Critical: High Critical

    Impact: User Information disclosed by unauthorized user

    Where: From remote

    Operating System: N / A

    Solution: Patched

    Workaround: N / A

     

    Notice: 08. 01. 2005 Initial notification

                       08. 04. 2005 Vendor responded and patched

                       08. 05. 2005 Vulnerability disclosed

     

    Description:

    Nate is a portal service, such as MSN or Yahoo, on the Web in Korea.
    It is also interlocked with NateOn Messenger (see NRVA05-02).

    When a user requests a URI on NateWeb, it is shown just like an HTML document,
    but a particular URI had included DEBUG CODE for the Web programmer.

    Unfortunately, the DEBUG CODE is USER'S INFORMATION, like the password.

    See the following detailed description:

    NOT INCLUDED HERE

    ----------------------[Cut Cut]---------------------------------------------

     

    Cheers

            

            
                    