Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4458

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2005-4458
Last Modified 07 Mar 2011 09:28:18
Published 21 Dec 2005 06:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2005-4458

Summary

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

Vulnerable Systems

Application

  • Metadot Portal Server 5.5.2.1

  • Metadot Portal Server 5.6.4

  • Metadot Portal Server 5.6.4.1

  • Metadot Portal Server 5.6.4.2

  • Metadot Portal Server 5.6.4.3

  • Metadot Portal Server 5.6.5

  • Metadot Portal Server 5.6.5.1

  • Metadot Portal Server 5.6.5.2

  • Metadot Portal Server 5.6.5.3

  • Metadot Portal Server 5.6.5.3.1

  • Metadot Portal Server 5.6.5.4b5

  • Metadot Portal Server 5.6.6

  • Metadot Portal Server 6.4

  • Metadot Portal Server 6.4.1

  • Metadot Portal Server 6.4.2

  • Metadot Portal Server 6.4.3

  • Metadot Portal Server 6.4.4


References

BID - 15975

FULLDISC - 20051220 Vulnerability in Metadot portal server allows users to gain administrative privileges

VUPEN - ADV-2005-3030

CONFIRM - http://www.metadot.com/metadot/index.pl?iid=2632

XF - metadot-user-gain-privileges(23847)

OSVDB - 22014

SREASON - 287

SECUNIA - 18137


Last Updated: 27 May 2016 10:41:18