Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password

2006.06.03
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory Name: Open-Xchange defaultuser with /bin/bash
Vendor: Open-Xchange Inc.
Product: Open-Xchange
Version: < 0.8.2
Author: Cemil Degirmenci
Risk: high

o Description
=======================
The OPEN-XCHANGE Collaboration and Integration Server Environment allows you to store appointments, contacts, tasks, email messages, bookmarks, documents, and many more elements, and share them with other users. It can be accessed via any modern Web browser and multiple fat clients like MS Outlook, Palm devices, KDE Kontact, Apple's iCal, Konqueror, Mozilla Calendar, and many more, based on open standards and interfaces. Third-party products can access this application over many different interfaces such as WebDAV (XML), LDAP, iCal, an API, and HTTP/S.

o Vulnerability
=======================
There is a default user with username "mailadmin" and password "secret" in the Open-Xchange LDAP tree. The entry is created with an interactive login shell (/bin/bash) and a cleartext userPassword, so it becomes a usable Unix login as soon as system authentication is pointed at that directory:

dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=example,dc=org
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: OXUserObject
uidNumber: 1001
homeDirectory: /home/mailadmin/
loginShell: /bin/bash
mailEnabled: OK
gidNumber: 500
mailDomain: example.org
ou: Administration
uid: mailadmin
sn: Admin
preferredLanguage: EN
mail: mailadmin@example.org
o: Example Organization
smtpServer: localhost
imapServer: localhost
alias: postmaster@example.org
alias: root@example.org
givenName: Admin
cn: Admin Admin
shadowMin: 0
shadowMax: 9999
shadowWarning: 7
shadowExpire: 0
userPassword: secret
OXAppointmentDays: 5
OXGroupID: 500
OXTaskDays: 5
OXTimeZone: Europe/Berlin

This vulnerability only appears in the open-source version of Open-Xchange.

o Solution
=======================
Be aware of this account before you activate Unix authentication against Open-Xchange, and change the password and login shell of this user.
Don't trust default installations at all.

o Reference
=======================
http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815

o Notes
=======================
The vendor was informed on 2006-05-18. There was also a news item on the German news site golem.de on 2006-05-19 (http://www.golem.de/0605/45407.html).

- --
Wavecon IT-Solutions GbR
Frankenstrasse 9 - 90762 Fuerth
Email: support@wavecon.de - Web: http://www.wavecon.de

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEd1aLudsr6D13pqsRAoxcAJsGQz5ccJUeLBjLI0gX//t8l2hEYwCgkGb2
ah1cR+Jvf+bClo3zmPUo97k=
=Cba0
-----END PGP SIGNATURE-----
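The advisory's solution is to check for this account and change its password and login shell before Unix authentication is switched over to the Open-Xchange directory. The following is an added example (not part of the advisory, and not Open-Xchange code) of how an administrator can audit an LDIF export for exactly the two conditions described above, a cleartext or known-default userPassword and an interactive loginShell, and emit the LDIF modify that applies the fix. The sample LDIF is constructed from the entry quoted in the advisory plus one already hardened control account; the lists of default passwords and non-interactive shells, and the choice of /usr/sbin/nologin as the replacement shell, are assumptions for the example.

```python
"""Audit an LDIF export for default accounts that would become usable
Unix logins once system authentication is pointed at the LDAP tree.
Added example; the sample data below is constructed, not a real export."""

import re

# Constructed sample: the mailadmin entry from the advisory (trimmed to the
# attributes that matter here) and a hardened service account for comparison.
SAMPLE_LDIF = """\
dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=example,dc=org
objectClass: top
objectClass: posixAccount
objectClass: OXUserObject
uid: mailadmin
uidNumber: 1001
gidNumber: 500
homeDirectory: /home/mailadmin/
loginShell: /bin/bash
userPassword: secret

dn: uid=svc-backup,ou=Users,ou=OxObjects,dc=example,dc=org
objectClass: top
objectClass: posixAccount
uid: svc-backup
uidNumber: 1002
gidNumber: 500
homeDirectory: /var/lib/backup
loginShell: /usr/sbin/nologin
userPassword: {SSHA}dGhpcyBpcyBub3QgYSByZWFsIGhhc2g=
"""

# Assumed lists: vendor/default passwords never acceptable in production,
# and shells that do not grant an interactive session.
DEFAULT_PASSWORDS = {"secret", "password", "changeme"}
NON_INTERACTIVE_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}


def parse_ldif(text):
    """Minimal LDIF parser: entries separated by blank lines, 'name: value'
    attributes collected into lists, continuation lines (leading space)
    folded into the previous value. Base64 (::) values are not decoded."""
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines():
        if not raw.strip():
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        if raw.startswith(" ") and last_attr:
            current[last_attr][-1] += raw[1:]
            continue
        if raw.startswith("#"):
            continue
        name, _, value = raw.partition(":")
        current.setdefault(name, []).append(value.lstrip())
        last_attr = name
    if current:
        entries.append(current)
    return entries


def audit_entry(entry):
    """Return the findings for one entry; an empty list means clean."""
    findings = []
    if "posixAccount" not in entry.get("objectClass", []):
        return findings  # not a Unix-style account, so no login shell to worry about
    for pw in entry.get("userPassword", []):
        # No {SCHEME} prefix means the value is stored in cleartext.
        if not re.match(r"^\{[A-Za-z0-9-]+\}", pw):
            tag = " (known default)" if pw in DEFAULT_PASSWORDS else ""
            findings.append("cleartext password" + tag)
    for shell in entry.get("loginShell", []):
        if shell not in NON_INTERACTIVE_SHELLS:
            findings.append(f"interactive loginShell {shell}")
    return findings


def audit_ldif(text):
    """Map each dn that has findings to its list of findings."""
    report = {}
    for entry in parse_ldif(text):
        findings = audit_entry(entry)
        if findings:
            report[entry.get("dn", ["<no dn>"])[0]] = findings
    return report


def remediation_ldif(dn, shell="/usr/sbin/nologin"):
    """LDIF modify applying the advisory's fix: a non-interactive shell and a
    new (hashed) password. The hash is a placeholder the operator must replace."""
    return (
        f"dn: {dn}\nchangetype: modify\n"
        f"replace: loginShell\nloginShell: {shell}\n-\n"
        "replace: userPassword\nuserPassword: {SSHA}REPLACE-WITH-HASH-OF-NEW-PASSWORD\n"
    )


if __name__ == "__main__":
    for dn, findings in audit_ldif(SAMPLE_LDIF).items():
        print(dn, *("  - " + f for f in findings), sep="\n")
        print(remediation_ldif(dn))
```

On a live server the input would come from an export such as `slapcat` or `ldapsearch -LLL` (standard tools, not Open-Xchange-specific), and the generated modify would be reviewed and applied with `ldapmodify` after the placeholder hash is replaced. The parser deliberately skips accounts without the posixAccount object class, since only those can be mapped to a Unix login.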



Copyright 2020, cxsecurity.com
