Details of VAR-200609-0102

ID

VAR-200609-0102

CVE

CVE-2006-4588

TITLE

vtiger CRM Vulnerabilities that bypass authentication

Trust: 0.8

sources: JVNDB: JVNDB-2006-003116

DESCRIPTION

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules. Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: vtiger CRM Script Insertion and Administrative Modules Access SECUNIA ADVISORY ID: SA21728 VERIFY ADVISORY: http://secunia.com/advisories/21728/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Ivan Markovic has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct script insertion attacks and bypass certain security restrictions. 1) Input passed to the "description" field in various modules when e.g. creating a contact and the "solution" field when an administrator modifies the solution in the HelpDesk modules isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. 2) An error in the access control verification can be exploited by a normal user to access administrative modules (e.g. the settings section) by accessing certain URLs directly. The vulnerabilities have been confirmed in version 4.2.4. Use another product. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic ORIGINAL ADVISORY: http://www.security-net.biz/adv/D3906a.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-4588 // JVNDB: JVNDB-2006-003116 // BID: 19829 // VULHUB: VHN-20696 // PACKETSTORM: 49637

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	eq	version:	4.2.4	Trust: 1.9
vendor:	vtiger	model:	crm	scope:	eq	version:	4.2	Trust: 1.6
vendor:	vtiger	model:	crm	scope:	lte	version:	4.2.4	Trust: 0.8

sources: BID: 19829 // JVNDB: JVNDB-2006-003116 // CNNVD: CNNVD-200609-061 // NVD: CVE-2006-4588

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4588
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-4588
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200609-061
value:	HIGH
Trust: 0.6
VULHUB:	VHN-20696
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-4588
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-20696
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-20696 // JVNDB: JVNDB-2006-003116 // CNNVD: CNNVD-200609-061 // NVD: CVE-2006-4588

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4588

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-061

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200609-061

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003116

PATCH

title:

vtiger CRM

url:

https://www.vtiger.com/crm/

Trust: 0.8

sources: JVNDB: JVNDB-2006-003116

EXTERNAL IDS

db:	NVD	id:	CVE-2006-4588	Trust: 2.5
db:	BID	id:	19829	Trust: 2.0
db:	SECUNIA	id:	21728	Trust: 1.8
db:	OSVDB	id:	28462	Trust: 1.7
db:	VUPEN	id:	ADV-2006-3444	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-003116	Trust: 0.8
db:	CNNVD	id:	CNNVD-200609-061	Trust: 0.7
db:	VULHUB	id:	VHN-20696	Trust: 0.1
db:	PACKETSTORM	id:	49637	Trust: 0.1

sources: VULHUB: VHN-20696 // BID: 19829 // JVNDB: JVNDB-2006-003116 // PACKETSTORM: 49637 // CNNVD: CNNVD-200609-061 // NVD: CVE-2006-4588

REFERENCES

url:	http://www.security-net.biz/adv/d3906a.txt	Trust: 1.8
url:	http://www.securityfocus.com/bid/19829	Trust: 1.7
url:	http://www.osvdb.org/28462	Trust: 1.7
url:	http://secunia.com/advisories/21728	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/3444	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4588	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4588	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/3444	Trust: 0.6
url:	http://www.vtiger.com/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6211/	Trust: 0.1
url:	http://secunia.com/quality_assurance_analyst/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/21728/	Trust: 0.1
url:	http://secunia.com/web_application_security_specialist/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-20696 // BID: 19829 // JVNDB: JVNDB-2006-003116 // PACKETSTORM: 49637 // CNNVD: CNNVD-200609-061 // NVD: CVE-2006-4588

CREDITS

Ivan Markovic is credited with the discovery of these vulnerabilities.

Trust: 0.9

sources: BID: 19829 // CNNVD: CNNVD-200609-061

SOURCES

db:	VULHUB	id:	VHN-20696
db:	BID	id:	19829
db:	JVNDB	id:	JVNDB-2006-003116
db:	PACKETSTORM	id:	49637
db:	CNNVD	id:	CNNVD-200609-061
db:	NVD	id:	CVE-2006-4588

LAST UPDATE DATE

2024-08-14T14:22:37.846000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-20696	date:	2011-03-08T00:00:00
db:	BID	id:	19829	date:	2006-09-06T20:23:00
db:	JVNDB	id:	JVNDB-2006-003116	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200609-061	date:	2006-09-15T00:00:00
db:	NVD	id:	CVE-2006-4588	date:	2011-03-08T02:41:25.767

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-20696	date:	2006-09-06T00:00:00
db:	BID	id:	19829	date:	2006-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2006-003116	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	49637	date:	2006-09-06T06:32:48
db:	CNNVD	id:	CNNVD-200609-061	date:	2006-09-06T00:00:00
db:	NVD	id:	CVE-2006-4588	date:	2006-09-06T22:04:00