|
Saleslogix Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA12883
|
|
|
Release Date:
|
2004-10-19
|
|
Last Update:
|
2005-02-22
|
|
Popularity:
|
6,781 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Spoofing
Manipulation of data
Exposure of system information
Exposure of sensitive information
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | SalesLogix 6.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Carl Livitt has reported some vulnerabilities in SalesLogix, which can be exploited by malicious people to spoof users, cause a DoS (Denial of Service), disclose system and sensitive information, conduct SQL injection, bypass certain security restrictions, and potentially compromise a vulnerable system.
1) A design error in the handling of user sessions can be exploited to bypass the user authentication and log in as an arbitrary user without knowing the password by manipulating user information stored in a cookie.
2) Some input validation errors when processing invalid requests can cause the request handling process to crash in "slxweb.dll" and return an error response disclosing the full path to the script.
3) Input passed to the "id" parameter in "slxweb.dll/view" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) Some sensitive system information is sent to the client, which can e.g. be exploited to gain knowledge of username and password for the database.
5) The SLX protocol used for communication between clients and servers does not protect against man-in-the-middle attacks. This can be exploited to gain knowledge of sensitive information.
6) The server does not authenticate users when receiving incoming requests to port 1707/tcp. This can be exploited to pass arbitrary SLX commands to the server and disclose sensitive information.
7) An input validation error in "ProcessQueueFile" can be exploited to upload files to arbitrary locations via directory traversal attacks.
The vulnerabilities have been reported in version 6.1. Other versions may also be affected.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
