Users of Sawmill, please be advised that privilege-escalation and code-execution vulnerabilities have been identified.
To view these vulnerabilities, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
20101021-0: Sawmill Privilege-escalation and Code-execution
product: Sawmill - Universal Log File Analysis
Vulnerability overview/description:
-----------------------------------
Sawmill suffers from multiple critical vulnerabilities which allow an
_unauthenticated_ attacker to gain administrative rights. Furthermore
it is possible to access (RW) the file system and execute arbitrary
commands on the operating system without authentication.
Attackers with valid accounts are able to reset the root password or
add/delete log profiles, view and manipulate admin settings etc.
It must be noted that further vulnerabilities are to be expected
within the software (such as buffer overflows, etc.). Due to lack of
time no further vulnerabilities could be searched.