HP Quality Center vulnerability Feb 23 2009 10:47AM
info exposit co uk (1 replies)
Re: HP Quality Center vulnerability Feb 24 2009 11:19PM
Pavel Kankovsky (peak argo troja mff cuni cz)
On Mon, 23 Feb 2009 info (at) exposit.co (dot) uk [email concealed] wrote:

> The front-end of the application is composed of COM components that plug
> into the web browser. [...]
> In order to optimize the interaction speed of the application, a cache
> folder is created on the client machine. [...] Indeed, those files are
> required on the client machine because the workflow is execute on the
> client, not on the server. [...]
> If a user modifies this file and then mark it as read-only, he can
> execute arbitrary code. As the OTA API allows access to the database, he
> can also modify the data stored in the database as follows:

You say you can execute arbitrary code on your computer (under your own
account)? What an amazing exploit! (pun intended)

Any client-server application depending on the client side not being
messed with by its user is *broken by design*. It does not matter
whether the messing in question is easy (like putting a VB script in the
right directory) or difficult (like attaching a debugger to a running
process and flipping bits in its memory space).

> Please note that HP has released a patch that fixes this issue, please
> contact HP support for further details.

I wonder what kind of fix has been released. Does anyone think they solved
the REAL problem?

--
Pavel Kankovsky aka Peak / Jeremiah 9:21 "For death is come up into our MS Windows(tm)..." \ 21th century edition /

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus