Secunia

sullo has reported some vulnerabilities in AlterPath Manager, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to disclose some system information.

1) An error in the restriction of consoles in "consoleConnect.jsp" can be exploited to connect to arbitrary consoles by specifying the console name in the "consolename" parameter.

The vulnerability has been reported in version 1.1.0 and partially in versions 1.2.0 and 1.2.1. In the 1.2.x versions, the user needs to have been priorly authorized to use the console and have connected to it.

2) A user can specify the "adminUser" parameter in "saveUser.do" and thereby gain administrative privileges when the user account is saved by setting the "adminUser" parameter to "true".

The vulnerability has been reported in version 1.1.0. It does reportedly not affect the 1.2.x versions.

3) The "/about.html" page can be accessed without authorisation, which can be exploited to disclose some system information (e.g. version numbers).

The vulnerability has been reported in version 1.1.0. It does reportedly not affect the 1.2.x versions.

Solution
Update to version 1.2.1.
Further details available in Customer Area

Provided and/or discovered by
sullo, CIRT.net

Changelog
Further details available in Customer Area

Original Advisory
http://www.cirt.net/advisories/alterpath_console.shtml
http://www.cirt.net/advisories/alterpath_privesc.shtml
http://www.cirt.net/advisories/alterpath_disclosure.shtml

Deep Links
Links available in Customer Area