Hitachi Multiple Hibun Product View Function Privilege Escalation

2005-06-30T12:16:11
ID OSVDB:17673
Type osvdb
Reporter OSVDB
Modified 2005-06-30T12:16:11

Description

Vulnerability Description

The Hitachi Hibun Advanced Edition Server and Advanced Information Cypher products contain a flaw that may allow a malicious user to bypass access restrictions. The issue is triggered when a user accesses the view function of the Hibun Viewer from a client PC, resulting in the ability to operate beyond their privileges.

Solution Description

Upgrade to version 07-50-/C for Hibun Advanced Edition Server (versions 07-50 through 07-50-/B) and to version 07-50-/C for Hibun Advanced Edition Information Cypher (versions 07-50 through 07-50-/B), as it has been reported to fix this vulnerability. Updates are reportedly being scheduled for the other versions.

An upgrade is required as there are no known workarounds.

Short Description

The Hitachi Hibun Advanced Edition Server and Advanced Information Cypher products contain a flaw that may allow a malicious user to bypass access restrictions. The issue is triggered when a user accesses the view function of the Hibun Viewer from a client PC, resulting in the ability to operate beyond their privileges.

References:

Vendor Specific Advisory URL Secunia Advisory ID:15863 Related OSVDB ID: 17674 Keyword: HS05-010 Bugtraq ID: 14113