Info

Disclosure

May 21, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Hummingbird Exceed contains a flaw that may allow a malicious user to bypass certain restrictions. The issue is triggered due to an unspecified error within Xconfig, which may allow a malicious user to edit settings that are normally disabled through the Mandatory Settings list and bypass security restrictions. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Hummingbird has released a patch to address this vulnerability.

Products

Hummingbird

Exceed

9.x

References

Secunia Advisory ID: 11678
ISS X-Force ID: 16221
CVE ID: 2004-2258 (see also: NVD)
Vendor Specific Solution URL: http://support.hummingbird.com/customer/download.asp?r2=/exceed/900/xconfig_9002.zip
Vendor URL: http://www.hummingbird.com/products/nc/exceed/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/6304