BugTraq
Back to list
|
Post reply
DBTools' DBManager Information Leak Vulnerability
Mar 07 2003 07:08AM
Ignacio Vazquez (infosecmanager centaura com ar)
Centaura Technologies Security Research Lab Advisory
Product Name: DBTools DBManager Professional
Systems: Windows 9x/NT/2000/2003 Server
Severity: Medium
Remote: No
Category: Information Leak
Vendor URL: http://www.dbtools.com.br
Advisory Author: Ignacio Vazquez
Advisory URL: http://www.centaura.com.ar/infosec/adv/dbmanagerpro.txt
Revised-Date: March 7, 2003
Advisory Code: CTADVILB004
.:Introduction
"The DBManager Professional is the most powerful application
for MySQL and PostgreSQL It is rich of features. It comes in
two editions to help you choose the one that will fit your needs:
Freeware and Enterprise"
.: Impact
Any local user can retrieve MySQL and PostgreSQL connection information
like DB hosts, usernames and passwords without any restriction.
.: Description
DBTools DBManager Pro stores its link information in the
sys_servers table located in catalog.mdb (MS JET database) file usually
within the "DATA" directory in the program folder.
(C:\Program Files\DBTools Software\DBManager Professional\DATA)
This table contains server_id, server_name, server_type, host, and port,
user and password fields, from where a local attacker can gain useful
information regarding the db engines.
The fields in this database are NOT encrypted, letting any user with
read access retrieve this data. catalog.mdb is readable to all users by
default so virtually any user within the system can open this file.
.: Official Fix Information
The vendor has been contacted but no fix has been released yet.
-----
Ignacio Vazquez
<ivazquez (at) centaura.com (dot) ar [email concealed]>
Director of Technology
Security Labs Manager
Centaura Technologies
http://www.centaura.com.ar
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Product Name: DBTools DBManager Professional
Systems: Windows 9x/NT/2000/2003 Server
Severity: Medium
Remote: No
Category: Information Leak
Vendor URL: http://www.dbtools.com.br
Advisory Author: Ignacio Vazquez
Advisory URL: http://www.centaura.com.ar/infosec/adv/dbmanagerpro.txt
Revised-Date: March 7, 2003
Advisory Code: CTADVILB004
.:Introduction
"The DBManager Professional is the most powerful application
for MySQL and PostgreSQL It is rich of features. It comes in
two editions to help you choose the one that will fit your needs:
Freeware and Enterprise"
.: Impact
Any local user can retrieve MySQL and PostgreSQL connection information
like DB hosts, usernames and passwords without any restriction.
.: Description
DBTools DBManager Pro stores its link information in the
sys_servers table located in catalog.mdb (MS JET database) file usually
within the "DATA" directory in the program folder.
(C:\Program Files\DBTools Software\DBManager Professional\DATA)
This table contains server_id, server_name, server_type, host, and port,
user and password fields, from where a local attacker can gain useful
information regarding the db engines.
The fields in this database are NOT encrypted, letting any user with
read access retrieve this data. catalog.mdb is readable to all users by
default so virtually any user within the system can open this file.
.: Official Fix Information
The vendor has been contacted but no fix has been released yet.
-----
Ignacio Vazquez
<ivazquez (at) centaura.com (dot) ar [email concealed]>
Director of Technology
Security Labs Manager
Centaura Technologies
http://www.centaura.com.ar
[ reply ]