Specifications
SAFER – Vol. 3, Issue 6 © 2000 The Relay Group
Gossamer Threads DBMan Information Leakage Vulnerability
Released May 05, 2000
Affects DBMan 2.0.4
Reference http://www.securityfocus.com/bid/1178
Problem
- Requesting an invalid database file from a web server running the Gossamer Threads DBMan
scripts returns a CGI error message containing environment variables to a remote user,
without any authorization.
- The parameters displayed include the local document root path, server administrator account
name, web server software, platform, etc.
SAFER
- Gossamer Threads has released a solution.
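
A check an administrator can run against their own site's error responses to confirm the environment dump described above is gone. This is an added example, not code from SAFER or Gossamer Threads; the "NAME : value" dump layout, the variable-name mapping and both sample pages are assumptions constructed for illustration.

```python
import html
import re

# Standard CGI/Apache variable names for the items the advisory lists as exposed.
# The mapping and the "NAME : value" dump layout are assumptions of this example.
SENSITIVE = {
    "DOCUMENT_ROOT": "local document root path",
    "SERVER_ADMIN": "server administrator account name",
    "SERVER_SOFTWARE": "web server software and platform",
}
TAG = re.compile(r"<[^>]+>")
PAIR = re.compile(r"^\s*([A-Z][A-Z0-9_]+)\s*[:=]\s*(\S.*?)\s*$", re.M)

# Constructed sample responses (not captured from a real server).
SAMPLE_ERROR_PAGE = """<html><body><pre>
CGI ERROR
==========================================
Error Message       : constructed sample: database file not found
Environment Variables
-------------------------------------------
DOCUMENT_ROOT       : /home/example/public_html
HTTP_HOST           : www.example.test
SERVER_ADMIN        : webmaster@example.test
SERVER_SOFTWARE     : Apache/1.3.12 (Unix)
</pre></body></html>"""
SAMPLE_CLEAN_PAGE = "<html><body><h1>Error</h1><p>Request failed. Ref: 7f3a</p></body></html>"


def find_env_leaks(body):
    """Return {variable: value} for sensitive CGI variables visible in a response body."""
    # Strip tags before unescaping so escaped markup cannot re-form tags.
    text = html.unescape(TAG.sub("", body))
    return {name: value for name, value in PAIR.findall(text) if name in SENSITIVE}


def is_env_dump(body, threshold=2):
    """Flag a response that exposes at least `threshold` sensitive variables."""
    return len(find_env_leaks(body)) >= threshold


if __name__ == "__main__":
    for name, value in find_env_leaks(SAMPLE_ERROR_PAGE).items():
        print(f"LEAK {name} ({SENSITIVE[name]}): {value}")
```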
Aladdin Knowledge Systems eToken PIN Extraction Vulnerability
Released May 04, 2000
Affects Aladdin Knowledge Systems eToken 3.3.3x
Reference http://www.securityfocus.com/bid/1170
Problem
- Authorization is granted to a local user who has the eToken device itself and enters the PIN
encoded in the eToken. The PIN can be reset to the default value with the use of
standard device programmers. This can be done by physically opening the eToken device (which
can be done without leaving any trace or evidence of tampering) and copying the default PIN
value to the location used to store either the user PIN or administrator PIN in the serial EEPROM.
SAFER
- Vendor is working on a patch.
Netwin Dmailweb Server utoken Buffer Overflow Vulnerability
Released May 04, 2000
Affects NetWin DMail 2.5d
Reference http://www.securityfocus.com/bid/1171
Problem
- By providing a specially crafted, abnormally long "utoken" variable value, it is possible to exploit an
unchecked buffer and run arbitrary code on the Dmailweb server.
SAFER
- Netwin has released patches to rectify this issue.
Aladdin eToken 3.3.3.x Hardware USB Key Private Data Extraction
Released May 04, 2000
Affects Aladdin eToken USB Key 3.3.3.x
Reference http://www.L0pht.com/
Problem
- The attack requires physical access to the device circuit board and will allow all private information
to be read from the device without knowing the PIN number of the legitimate user. By using any
number of low-cost, industry-standard device programmers to modify the unprotected external
memory, the User PIN can be changed back to a default PIN. This will allow the attacker to
successfully log in to the eToken and access all public and private data. A homebrew device
programmer could be built for under $10 and commercial device programmers are available from
a number of companies ranging in cost from $25 to $1000.
- Users must be aware that the PIN number can be bypassed and should not trust the security of
the token if it is not always directly in their possession. If a legitimate user loses their USB key, all
data, including the private information, needs to be considered to have been compromised.
SAFER
- Vendor is working on a patch.