Vulnerability in IBM access

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Vulnerability in IBM access
From: sylvain.roger@xxxxxxxxxx
Date: 26 Jul 2005 09:46:44 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello, 

I would like to make to Bugtraq knowledge the existence of a security 
vulnerability in IBM access software. IBM access is vulnerable to a Shared 
Section vulnerability. The processes QCWLICON.exe and QCTRAY.exe have the 
section \BaseNamedObjects\QCONDB with invalid rights which allows everyone to 
read the configuration of all connections and to write arbitrary data to create 
a dos against the application. 
This could be shown with the Process Explorer tool by sysinternal and used by 
the ListSS, DumpSS and TestSS tools written by C Cerrudo. 
Regards, 

Sylvain ROGER
Security Consultant
http://www.solucom.fr

Prev by Date: fetchmail security announcement fetchmail-SA-2005-01
Next by Date: [HSC Security Group] XSS in CartWiz
Previous by thread: fetchmail security announcement fetchmail-SA-2005-01
Next by thread: [HSC Security Group] XSS in CartWiz
Index(es):
- Date
- Thread