ID
VAR-200412-0966
CVE
CVE-2004-2050
TITLE
eSeSIX Thintune Thin client device multiple security vulnerabilities
Trust: 0.6
DESCRIPTION
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell. Thintune Linux-based devices are reported prone to multiple vulnerabilities. These issues can allow remote attackers to gain complete access to a vulnerable device. The issues include backdoor accounts that can be accessed over the network and an information disclosure issue that can disclose user accounts and passwords. Thintune devices with firmware version 2.4.38 and prior are affected by these issues. Reportedly, Thintune devices based on Windows CE are not affected. eSeSIX Thintune is a series of thin client applications developed by eSeSIX GmbH. ICA, RDP, X11 and SSH support on custom Linux platforms. The second problem is that there is a password disclosure problem. The Keeper library is used to store all JStream configuration settings. The configuration files are stored in the /root/.keeper/ directory. By browsing the local file system or using the \"getreg\" provided in the first question " command, which can remotely read the Keeper database information, resulting in access to VNC, control center and screen saver password information. The third problem is that any user who obtains the local ROOT SHELL can press <CTRL><SHIFT><ALT><DEL> and then enter the \"maertsJ\" password to obtain the ROOT SHELL. The fourth problem is to view the plain text password of the local user. Thintune software supports end users to access through the Phoenix Web browser. By entering \"file:///\", the local file system directory can be obtained, and the local user can use the browser to view sensitive information. The fifth problem is that the password check is incorrect. If the user sets the password as \'\'a\'\', then inputting a character string starting with \"automobile\", \"any\" or \"afternoon\" is fine. Successfully authenticated
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | esesix | model: | thintune xs | scope: | eq | version: | 2.4.38 | Trust: 1.9 |
| vendor: | esesix | model: | thintune xm | scope: | eq | version: | 2.4.38 | Trust: 1.9 |
| vendor: | esesix | model: | thintune s | scope: | eq | version: | 2.4.38 | Trust: 1.9 |
| vendor: | esesix | model: | thintune mobile | scope: | eq | version: | 2.4.38 | Trust: 1.9 |
| vendor: | esesix | model: | thintune m | scope: | eq | version: | 2.4.38 | Trust: 1.9 |
| vendor: | esesix | model: | thintune l | scope: | eq | version: | 2.4.38 | Trust: 1.9 |
| vendor: | esesix | model: | thintune extreme | scope: | eq | version: | 2.4.38 | Trust: 1.9 |
| vendor: | esesix | model: | thintune xs | scope: | ne | version: | 2.4.39 | Trust: 0.3 |
| vendor: | esesix | model: | thintune xm | scope: | ne | version: | 2.4.39 | Trust: 0.3 |
| vendor: | esesix | model: | thintune s | scope: | ne | version: | 2.4.39 | Trust: 0.3 |
| vendor: | esesix | model: | thintune mobile | scope: | ne | version: | 2.4.39 | Trust: 0.3 |
| vendor: | esesix | model: | thintune m | scope: | ne | version: | 2.4.39 | Trust: 0.3 |
| vendor: | esesix | model: | thintune l | scope: | ne | version: | 2.4.39 | Trust: 0.3 |
| vendor: | esesix | model: | thintune extreme | scope: | ne | version: | 2.4.39 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
local
Trust: 0.6
TYPE
Unknown
Trust: 0.9
EXTERNAL IDS
| db: | BID | id: | 10794 | Trust: 2.0 |
| db: | NVD | id: | CVE-2004-2050 | Trust: 1.7 |
| db: | OSVDB | id: | 8248 | Trust: 1.7 |
| db: | SECTRACK | id: | 1010770 | Trust: 1.7 |
| db: | SECUNIA | id: | 12154 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200412-472 | Trust: 0.7 |
| db: | NSFOCUS | id: | 6752 | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20040724 ESESIX THINTUNE THIN CLIENT MULTIPLE VULNERABILITIES | Trust: 0.6 |
| db: | XF | id: | 16808 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-10478 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/10794 | Trust: 1.7 |
| url: | http://www.osvdb.org/8248 | Trust: 1.7 |
| url: | http://securitytracker.com/id?1010770 | Trust: 1.7 |
| url: | http://secunia.com/advisories/12154 | Trust: 1.7 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/16808 | Trust: 1.1 |
| url: | http://marc.info/?l=bugtraq&m=109068491801021&w=2 | Trust: 1.0 |
| url: | http://xforce.iss.net/xforce/xfdb/16808 | Trust: 0.6 |
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=109068491801021&w=2 | Trust: 0.6 |
| url: | http://www.nsfocus.net/vulndb/6752 | Trust: 0.6 |
| url: | http://www.thintune.com/en/products/index.htm | Trust: 0.3 |
| url: | /archive/1/369833 | Trust: 0.3 |
| url: | http://marc.info/?l=bugtraq&m=109068491801021&w=2 | Trust: 0.1 |
CREDITS
Loss, Dirkā» Dirk.Loss@it-consult.net
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-10478 |
| db: | BID | id: | 10794 |
| db: | CNNVD | id: | CNNVD-200412-472 |
| db: | NVD | id: | CVE-2004-2050 |
LAST UPDATE DATE
2024-08-14T13:51:13.408000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-10478 | date: | 2017-07-11T00:00:00 |
| db: | BID | id: | 10794 | date: | 2004-07-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-200412-472 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2004-2050 | date: | 2017-07-11T01:31:35.297 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-10478 | date: | 2004-12-31T00:00:00 |
| db: | BID | id: | 10794 | date: | 2004-07-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-200412-472 | date: | 2004-07-24T00:00:00 |
| db: | NVD | id: | CVE-2004-2050 | date: | 2004-12-31T05:00:00 |