Info

Disclosure

Apr 05, 2005

Discovery

Unknown

Dates

Exploit

Apr 15, 2005

Solution

Unknown

Description

DameWare NT Utilities contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when dumping the 'DNTUS26' process from memory into a file, which will disclose user name and password resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 3.8 or 4.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

DameWare Development LLC	DameWare NT Utilities	4.8
		4.7
		4.6
		4.5
		4.4
		4.2
		4.1
		4.0
		3.74.0.0
		3.73.0.0
		3.72.0.0
		3.71.0.0
		3.70.x.x
		3.69.x.x
		3.68.0.0
		3.67.x.x
		3.66.0.0
		3.65.0.0
		3.64.0.0
		3.63.0.0
		3.62.0.0
		3.61.0.0
		3.60.0.0
		3.51.x.x
		3.50.x.x
		3.49.x.x
		3.48.0.0
		3.46.0.0
		3.45.0.0
		3.44.0.0
		3.43.0.0
		3.42.0.0
		3.41.0.0
		3.21.0.0
		3.2.0.0
		3.1.0.0
		3.0.0.0

References

Security Tracker: 1013725
Bugtraq ID: 13200
Secunia Advisory ID: 14829
Related OSVDB ID: 15741
CVE ID: 2005-1166 (see also: NVD)
ISS X-Force ID: 20140
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0225.html
Vendor URL: http://www.dameware.com/
Vendor Specific Advisory URL: http://www.dameware.com/support/security/bulletin.asp?ID=SB5
Other Advisory URL: http://www.shellsec.net/leer_advisory.php?id=7

Credit

Jordi Corrales - jordishellsec.net - Shell Security

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

DameWare Development LLC

DameWare NT Utilities

References

Credit