Info

Disclosure

Jan 28, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

CitrusDB contains a flaw related to the credit card data import/export functions that may allow an attacker to gain access to that data. No further details have been provided.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.3.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

CitrusDB	CitrusDB	0.1
		0.3.1
		0.3
		0.2.1
		0.2
		0.3.6
		0.3.5
		0.1.2

References

Security Tracker: 1013040
CVE ID: 2005-0229 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0217.html
Vendor Specific News/Changelog Entry: http://citrusdb.org/forums/viewtopic.php?t=49&sid=95ed377e00e1a06f4af6071771537d4 ......
http://sourceforge.net/project/shownotes.php?release_id=300651
Vendor URL: http://www.citrusdb.org/
Vendor Specific Solution URL: http://www.citrusdb.org/download.php
Other Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt

Credit

hobbestec - CitrusDB

Direct URL: http://osvdb.org/36218