----------------------------------------------------------------------

TITLE:
NotifyLink Enterprise Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA14617

VERIFY ADVISORY:
http://secunia.com/advisories/14617/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Manipulation of data, Exposure of sensitive
information

WHERE:
From remote

SOFTWARE:
NotifyLink Enterprise Server
http://secunia.com/product/4790/

DESCRIPTION:
NOAA NCIRT Lab has reported some vulnerabilities in NotifyLink
Enterprise Server, which can be exploited to disclose sensitive
information, bypass certain security restrictions, and conduct SQL
injection attacks.

1) A design error allows administrative users to view other users'
private credentials, including NotifyLink and mail server passwords.

2) An administrative user can disable certain functions for users via
the web interface. However, the restriction is enforced only in the
GUI (the corresponding links are hidden); the server does not check
it, so the functions can still be used by requesting the relevant
URLs directly.

3) Some unspecified input is not properly sanitised before being used
in a SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

4) AES keys are publicly accessible and can be retrieved by sending a
POST request to "/hwp/get.asp". Successful exploitation may allow
decryption of encrypted mail messages.

SOLUTION:
1-3) Update to version 3.0 or later.

4) Configure NotifyLink to use "Manual Key Generation".
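The pattern behind item 2 (a restriction that exists only in the menu
rendering, not in the request handler), and the check a tester would
run against it, as an added illustration. This is example code, not
NotifyLink code: the product is classic ASP and its real paths and
feature names are not given in the advisory, so the URLs, feature
flags and handler names below are invented for the demonstration.

```python
"""Client-side-only feature restriction (vulnerable) next to the
server-side check that fixes it, plus a probe that lists which
"disabled" features a user can still reach by direct URL.

Added example; all paths, feature names and handlers are hypothetical.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    # Features an administrator has switched off for this user.
    disabled_features: set = field(default_factory=set)


# Hypothetical feature -> URL mapping (assumption, not the product's real paths).
FEATURES = {
    "export_mail": "/user/export.asp",
    "change_password": "/user/password.asp",
}


def render_menu(user):
    """What the web GUI does: simply omit links for disabled features."""
    return {f: url for f, url in FEATURES.items() if f not in user.disabled_features}


def _do_export(user):
    return f"export for {user.name}"


def _do_change_password(user):
    return f"password form for {user.name}"


# URL -> (feature flag the URL belongs to, handler implementing it)
HANDLERS = {
    "/user/export.asp": ("export_mail", _do_export),
    "/user/password.asp": ("change_password", _do_change_password),
}


def handle_request_vulnerable(user, path):
    """Dispatch on the URL alone; the hidden menu link is the only 'control'."""
    entry = HANDLERS.get(path)
    if entry is None:
        return 404, "not found"
    _feature, handler = entry
    return 200, handler(user)


def handle_request_fixed(user, path):
    """Enforce the per-user restriction on every request, not just in the menu."""
    entry = HANDLERS.get(path)
    if entry is None:
        return 404, "not found"
    feature, handler = entry
    if feature in user.disabled_features:
        return 403, f"{feature} is disabled for {user.name}"
    return 200, handler(user)


def still_reachable(user, dispatcher):
    """Tester's check: which admin-disabled features still answer a direct request?"""
    return sorted(
        f for f, url in FEATURES.items()
        if f in user.disabled_features and dispatcher(user, url)[0] == 200
    )


def demo():
    alice = User("alice", disabled_features={"export_mail"})
    # The menu hides the export link either way...
    hidden = "/user/export.asp" not in render_menu(alice).values()
    # ...but only the fixed dispatcher refuses the direct request.
    vuln = handle_request_vulnerable(alice, "/user/export.asp")
    fixed = handle_request_fixed(alice, "/user/export.asp")
    return hidden, vuln, fixed


if __name__ == "__main__":
    alice = User("alice", disabled_features={"export_mail"})
    print("menu:", render_menu(alice))
    print("vulnerable:", still_reachable(alice, handle_request_vulnerable))
    print("fixed:", still_reachable(alice, handle_request_fixed))
```

The probe is the part worth keeping: log in as a restricted user,
take every URL the admin is supposed to have switched off, request
each one directly, and record which still return the function rather
than a refusal.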
PROVIDED AND/OR DISCOVERED BY:
NOAA NCIRT Lab

ORIGINAL ADVISORY:
US-CERT:
http://www.kb.cert.org/vuls/id/770532
http://www.kb.cert.org/vuls/id/131828
http://www.kb.cert.org/vuls/id/264097
http://www.kb.cert.org/vuls/id/581068

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------