VID 22356
Severity 20
Port 80, ...
Protocol TCP
Class WWW
Detailed Description According to its banner, the 4D WebSTAR server has a local symbolic link vulnerability. 4D WebSTAR Server is a software product that provides Web, FTP, and Mail services for Mac OS X. 4D WebSTAR V versions 5.3.2 and earlier running on Mac OS X versions 10.3.3 and earlier are vulnerable to a local symbolic link attack. The issue is due to a design error that causes the application to open files without properly verifying their existence or their absolute location. Successful exploitation allows a local attacker to write to arbitrary files writable by the affected application, facilitating privilege escalation.

* Note: This check relied on the banner of the remote 4D WebSTAR Web server, and on whether the remote 4D WebSTAR FTP server is running, to assess this vulnerability, so this might be a false positive.

* References:
http://www.atstake.com/research/advisories/2004/a071304-1.txt

* Platforms Affected:
4D WebSTAR V 5.3.2 and earlier
Apple Mac OS 10.3.3 and earlier
Recommendation Upgrade to the latest version of 4D WebSTAR Server (5.3.3 or later), available from the WebSTAR FTP site at ftp://ftp.4d.com/products/WebSTAR/Current/4D_WebSTAR_V/
Related URL CVE-2004-0698 (CVE)
Related URL 10714 (SecurityFocus)
Related URL 16689 (ISS)