OSVDB ID: 16620

Title: Sigma ISP Manager sigmaweb.dll Malformed Input Error Message Information Disclosure

Info

Disclosure

May 17, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Sigma ISP Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when malformed input is given to the "username", "password" or "domain" fields, which will disclose database information resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Rumored

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Atinegar

Sigma ISP Manager

6.6

References

Security Tracker: 1013979
Secunia Advisory ID: 15379
CVE ID: 2005-1639 (see also: NVD)
Vendor URL: http://www.atinegar.com/sigma.aspx
Other Advisory URL: http://www.under9round.com/sigma.txt

Credit

last samurai - Last.Samuraigmail.com - under9round digital security

Direct URL: http://osvdb.org/16620