Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2357

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-2357
Last Modified 09 Jul 2009 12:00:00
Published 07 Jul 2009 07:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2357

Summary

The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.

Vulnerable Systems

Application

  • Yasinkaplan Tekradius 3.0


References

VUPEN - ADV-2009-1816

BUGTRAQ - 20090706 Medium security hole in TekRADIUS

MISC - http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56


Last Updated: 27 May 2016 10:50:52