<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4529" target="_blank">CVE</a>)</em> : The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd.

Upgrade to version 2.0.23.15 BETA or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Unknown or Incomplete

• CVE ID: 2007-4529 (see also: NVD)
• Bugtraq ID: 23935
• Secunia Advisory ID: 25242
• ISS X-Force ID: 34254
• Related OSVDB ID: 36048 36049
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html
• Other Advisory URL: http://securityvulns.com/Rdocument6.html

Unknown or Incomplete