Volution Client Authentication Failure Hijacking Vulnerability

Volution is a software package distributed by Caldera Systems. Volution is a remote system administration and management software package with includes such features and system resource monitoring and software management.

A problem with the Volution client makes it possible to hijack a Volution managed system. A system managed by Volution authenticates with an LDAP server to get data. However, if this fails, the client begins searching the local network for the Computer Creation Daemon.

This makes it possible for another Volution server on the local network to gain control of the Volution client, giving the Volution server full administrative access to the system.


 

Privacy Statement
Copyright 2010, SecurityFocus