Info

Disclosure

Jun 27, 2006

Discovery

Unknown

Dates

Exploit

Jun 27, 2006

Solution

Unknown

Description

Hostflow Help Desk contains a flaw that may allow a malicious user to gain unauthorized access. The issue is triggered when an attacker gains access to the URL used by an authenticated user, which contains all necessary authentication information. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 2.5.2-0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Hostflow

Hostflow Helpdesk

2.2.1-15

References

CVE ID: 2006-3328 (see also: NVD)
Secunia Advisory ID: 20863
ISS X-Force ID: 27426
VUPEN Advisory: ADV-2006-2570
Mail List Post: http://attrition.org/pipermail/vim/2006-June/000913.html
Other Advisory URL: http://pridels.blogspot.com/2006/06/hostflow-vuln.html
Vendor URL: http://www.hostflow.com/

Credit

r0t - krustevsgooglemail.com - UNSECURED SYSTEMS

Direct URL: http://osvdb.org/36218