WebTrends Enterprise Reporting...

Published: 1999-10-09
Revised: 2025-04-13

Certain versions of the WebTrends Enterprise Reporting Server, namely versions 1.5 and previous, contain a series of vulnerabilities. The vulnerabilities in question are:

1. Logging via the server writes to a world-writable file. Under certain conditions this file may contain sensitive information such as usernames and passwords, in clear text. This is known to occur in particular if the server is not running with PAM (Pluggable Authentication Module). If the server is running without PAM, users must use the server-provided interface to create new users and set their passwords. In this case, by default, everything (including username and password) is stored in clear text in the file "interface.log" with read/write permissions for user, group and other. Any local user can read that file. If a WebTrends user also has a shell account on the box with the same password, that account can be compromised.

2. The server stores its user information in files with world read/write...
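As an added example (not part of the original advisory or of WebTrends code), the following Python script audits a directory for regular files that are readable or writable by "other", the permission state described above for "interface.log", and restricts a flagged file to its owner. The directory is built in a temporary location and its contents are constructed; the file name "owner_only.conf" and the function names are hypothetical. Pass a real installation directory as the first argument to audit it instead.

```python
import os
import stat
import sys
import tempfile

# Permission bits that let any local user read or modify a file.
WORLD_BITS = stat.S_IROTH | stat.S_IWOTH

def audit_world_access(root):
    """Return sorted (path, octal mode, finding) for regular files open to 'other'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets and devices
            mode = stat.S_IMODE(st.st_mode)
            kinds = []
            if mode & stat.S_IROTH:
                kinds.append("world-readable")
            if mode & stat.S_IWOTH:
                kinds.append("world-writable")
            if kinds:
                findings.append((path, oct(mode), "+".join(kinds)))
    return sorted(findings)

def restrict_to_owner(path):
    """Mitigation: owner read/write only (0600)."""
    os.chmod(path, 0o600)

def demo():
    """Recreate the described state in a temp dir, audit, fix, audit again."""
    with tempfile.TemporaryDirectory() as root:
        log = os.path.join(root, "interface.log")
        with open(log, "w") as fh:
            fh.write("constructed sample line, no real credentials\n")
        os.chmod(log, 0o666)  # rw for user, group and other, as described
        safe = os.path.join(root, "owner_only.conf")  # hypothetical file name
        open(safe, "w").close()
        os.chmod(safe, 0o600)
        before = audit_world_access(root)
        restrict_to_owner(log)
        after = audit_world_access(root)
        return [(os.path.basename(p), m, k) for p, m, k in before], after

if __name__ == "__main__":
    results = audit_world_access(sys.argv[1]) if len(sys.argv) > 1 else demo()[0]
    for entry in results:
        print(*entry)
```

Tightening the mode does not undo exposure that has already happened: passwords that were written to the log while it was world-readable should be changed.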

No exploit or PoC currently available
There are currently 0 affected product entries