Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4148

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-4148
Last Modified 07 Mar 2011 09:27:46
Published 10 Dec 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4148

Summary

Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page.

Vulnerable Systems

Application

  • Lyris Technologies Inc Listmanager 5.0

  • Lyris Technologies Inc Listmanager 6.0

  • Lyris Technologies Inc Listmanager 7.0

  • Lyris Technologies Inc Listmanager 8.0

  • Lyris Technologies Inc Listmanager 8.8a


References

SECUNIA - 17943

VUPEN - ADV-2005-2820

BID - 15789

OSVDB - 21552

MISC - http://metasploit.com/research/vulns/lyris_listmanager/

FULLDISC - 20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer

BUGTRAQ - 20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer


Last Updated: 27 May 2016 10:41:12