Hummingbird Exceed Xconfig bypass security

exceed-xconfig-bypass-security (16221): The risk level is classified as High Risk.

Description:

Hummingbird Exceed X could allow a local attacker to bypass security restrictions, caused by a vulnerability in Xconfig. A local attacker can exploit Xconfig to edit settings that are disabled through the Mandatory Setting list and bypass security restrictions.


Consequences:

Bypass Security

Remedy:

Apply the appropriate patch for your system, available from the Hummingbird Ltd. Web page. See References.

References:

  • Hummingbird Web site: Hummingbird Technical Support.
  • BID-10393: Hummingbird Exceed Xconfig Access Validation Vulnerability
  • CVE-2004-2258: Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
  • OSVDB ID: 6304: Exceed Xconfig Setting Edit Permission Bypass
  • SA11678: Exceed Xconfig Setting Editing Restriction Bypass

Platforms Affected:

  • Hummingbird Exceed 9.0

Reported:

May 21, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
