Keene Digital Media Server Discloses Files and Passwords to Remote Authenticated Users
|
|
SecurityTracker Alert ID: 1010928
|
|
SecurityTracker URL: http://securitytracker.com/id?1010928
|
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Aug 11 2004
|
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
|
Exploit Included: Yes
Vendor Confirmed: Yes
|
Advisory: Global Security Solution IT (GSSIT)
|
Version(s): 1.0.2
|
Description: Ziv Kamir of Global Security Solution IT reported several vulnerabilities in the Keene Digital Media Server. A remote user can view files on the target system. A remote authenticated user can perform administrative tasks. A local user can view passwords.
It is reported that a remote user can view arbitrary files on the target system with the privileges of the Keene Digital Media Server by supplying a specially crafted request containing encoded directory traversal characters. A demonstration exploit URL is provided:
http://127.0.0.1:8080/dms/%2e%2e/%2e%2e/dmscore.db
A remote authenticated user can perform administrative functions with the following type of URL:
http://127.0.0.1:8080/dms/adminusers.kspx
It is also reported that a local user can view usernames and passwords stored in the following file:
\Program Files\Keene Software\Digital Media Server\dmscore.db
The vendor was reportedly notified on August 4, 2004.
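Added example, not part of the original advisory and not the vendor's code: the input validation the traversal report calls for, shown as a naive decode-and-join resolver beside one that decodes once, normalises, and refuses anything that leaves the document root. DOC_ROOT and both function names are hypothetical; the server's real layout and implementation are not given on this page.

```python
import ntpath
from urllib.parse import unquote

DOC_ROOT = r"C:\srv\media\www"  # hypothetical document root (assumption)
PREFIX = "/dms/"                # URL prefix seen in the advisory's demo URL


def naive_resolve(url_path):
    """Vulnerable pattern: decode, join, serve. No containment check."""
    rel = unquote(url_path[len(PREFIX):])
    return ntpath.normpath(ntpath.join(DOC_ROOT, rel))


def safe_resolve(url_path):
    """Return the path to serve, or None when the request must be refused."""
    if not url_path.startswith(PREFIX):
        return None
    rel = unquote(url_path[len(PREFIX):])  # decode exactly once
    # A leftover "%" means double encoding; ":" covers drive letters and
    # alternate data streams. Conservative: names containing them are refused.
    if any(ch in rel for ch in ("%", ":", "\x00")):
        return None
    candidate = ntpath.normpath(ntpath.join(DOC_ROOT, rel))
    # Compare after normalisation, case-insensitively as Windows does.
    root = ntpath.normcase(DOC_ROOT)
    cand = ntpath.normcase(candidate)
    if cand != root and not cand.startswith(root + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests; the first is the demonstration URL's path.
    for p in ("/dms/%2e%2e/%2e%2e/dmscore.db", "/dms/photos/a.jpg"):
        print(p, "->", naive_resolve(p), "|", safe_resolve(p))
```

The containment test appends a trailing separator to the root before the prefix comparison so that a sibling directory such as www2 does not pass as being inside www.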
|
Impact: A remote user can view files on the target system with the privileges of the Keene Digital Media Server.
A remote authenticated user can perform administrative tasks.
A local user can view passwords.
|
Solution: The vendor plans to release a fixed version (1.0.4), to be available shortly at:
http://www.keenesoftware.com/
|
Vendor URL: www.keenesoftware.com/
|
Cause: Access control error, Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: GSS IT <gss_it@yahoo.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 11 Aug 2004 03:19:06 -0700 (PDT)
From: GSS IT <gss_it@yahoo.com>
Subject: Keene Digital Media Server
|
11/08/04
====================================
GSSIT - Global Security Solution IT
====================================
-------------------------------------------------------
Application: Keene Digital Media Server
Web Site: http://www.keenesoftware.com/
Versions: 1.0.2
Platform: Windows
Bugs: 1) Clear Text Passwords .
2) Directory Traversal .
3) Authorization .
Credits:
########
#########################################
# == Ziv Kamir == #
# #
# GSSIT - Global Security Solution IT #
# #
# Email : gss_it@yahoo.com #
# #
# #
#########################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
Keene Digital Media Server is the easiest way to
share or view your library of digital pictures, music, videos or any computer files over the web.
=======
2) Bugs
=======
1)
Keene Digital Media Server stores usernames and passwords in clear text under :
\Program Files\Keene Software\Digital Media Server\dmscore.db
3)
Any authenticated user can Perform Administrative Tasks.
===========
3) The Code
===========
2) http://127.0.0.1:8080/dms/%2e%2e/%2e%2e/dmscore.db
3) http://127.0.0.1:8080/dms/adminusers.kspx
===========
4) The Fix
===========
Date of Vendor Notification:
04-08-04
Status:
08-08-04
This is being addressed in our next patch release, 1.0.4, which should be released in about a week or so.
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without warranty of any
kind. In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================