ISS X-Force Database: adobe-log-password-disclosure(29441): Adobe Contribute Publishing Server log password disclosure

Adobe Contribute Publishing Server log password disclosure

adobe-log-password-disclosure (29441)

Medium Risk

Description:

Adobe Contribute Publishing Server could allow a remote attacker to obtain sensitive information. The administrator's password is written to various log files during installation. A local attacker could exploit this vulnerability to obtain the administrator password and gain administrative privileges on the system.

Platforms Affected:

FedoraProject, Fedora Core 2
Macromedia, Contribute Publishing Server
RedHat, Linux 7.2
RedHat, Linux 7.3
RedHat, Linux 8.0
RedHat, Linux 9.0
Sun, Solaris 7.0
Sun, Solaris 8
Sun, Solaris 9
SuSE, SuSE Linux 7.2
SuSE, SuSE Linux 7.3
SuSE, SuSE Linux 8.0

Remedy:

Refer to Adobe Security Bulletin Document APSB06-15 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Obtain Information

References:

APSB06-15, Workaround available for Contribute Publishing Server local information disclosure at http://www.adobe.com/support/security/bulletins/apsb06-15.html.
Contribute Publishing Server Web site, Adobe - Contribute : Contribute Publishing Server at http://www.adobe.com/products/contribute/server/.
BID-20439: Adobe Contribute Publishing Server Local Information Disclosure Vulnerability
CVE-2006-5199: Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server.
OSVDB ID: 29672: Adobe Contribute Publishing Server Installation Logfile Password Disclosure
SA22329: Adobe Contribute Publishing Server Logfile Password Disclosure
SECTRACK ID: 1017038: Adobe Contribute Publishing Server Discloses Administrative Password to Local Users
VUPEN/ADV-2006-4001: Adobe Macromedia Contribute Publishing Server Password Disclosure Weakness

Reported:

Oct 10, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page