Geeklog Floating-Point Number Arbitrary Administrative Access

2003-05-29T00:00:00
ID OSVDB:4813
Type osvdb
Reporter pokleyzz (pokleyzz@scan-associates.net)
Modified 2003-05-29T00:00:00

Description

Vulnerability Description

Geeklog contains a flaw that may allow a remote attacker to gain unauthorized privileges. By supplying a floating-point number for the 'userid' variable, a remote attacker could gain administrative access, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.3.7sr2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.geeklog.net/
Vendor Specific Advisory URL
Secunia Advisory ID: 8895
Related OSVDB ID: 4811
Related OSVDB ID: 4812
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0092.html
ISS X-Force ID: 12123
CVE-2002-0097
Bugtraq ID: 7742