Blackboard Academic Suite frameset.jsp url Variable Local File Inclusion

2005-12-10T10:42:32
ID OSVDB:21618
Type osvdb
Reporter OSVDB
Modified 2005-12-10T10:42:32

Description

Technical Description

According to the vendor, "this vulnerability only affects customers who are running our software using particular LDAP servers using specific settings."

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Blackboard has released a patch to address this vulnerability.

Manual Testing Notes

http://[target]/frameset.jsp?tab=[valid_tab]&url=/something&course_id=[valid_id]

References:

Vendor URL: http://www.blackboard.com/
Secunia Advisory ID: 17991
Related OSVDB ID: 21616
Related OSVDB ID: 21619
Related OSVDB ID: 21617
Other Advisory URL: http://www.ipomonis.com/advisories/Bb_6.zip
Keyword: KB 181-2690
ISS X-Force ID: 23558
CVE-2005-4206
CVE-2005-4340
Bugtraq ID: 15814