Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Progress Database file disclosure vulnerability

Progress Database file disclosure vulnerability

by Mario Miri on April 9th, 2003 It has been reported that some versions of Progress Database which are installed suid, are prone to file disclosure attack. A local user could specify arbitrary configuration file. If an error is encountered during opening of the file, Progress Database displays the contents of the file within the error message.


Vulnerable:
Progress Database 8.3 V:
Progress Database 8.3 E:
Progress Database 8.3 D:
Progress Database 9.1 D:
Progress Database 9.1 C:
Progress Database 9.1 B:


Solution:
Currently there are no vendor supplied patches.
A suggested workaround is to remove suid bit from the binary (which my interfere with normal operation).


Discovered by:
KF, [email protected]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »