ID OSVDB:5684 Type osvdb Reporter OSVDB Modified 1990-01-01T00:00:00
Description
Vulnerability Description
Iniquity BBS contains a flaw that may allow an unprivileged user to download arbitrary files. The issue is due to the Sysop line chat allowing system commands to be executed from either side of the chat. If a user initiates a file transfer from the chat, they may download any file on the host system.
Technical Description
Since the command to download an arbitrary file will be seen by both sides as it is typed, this vulnerability relies on the Sysop not watching the chat screen.
Solution Description
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: do not leave a user chat session unattended.
Short Description
Iniquity BBS contains a flaw that may allow an unprivileged user to download arbitrary files. The issue is due to the Sysop line chat allowing system commands to be executed from either side of the chat. If a user initiates a file transfer from the chat, they may download any file on the host system.
References:
{"title": "Iniquity BBS Line Chat Arbitrary File Access", "published": "1990-01-01T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "cvelist": [], "viewCount": 1, "affectedSoftware": [{"version": "Unknown or Unspecified", "name": "BBS", "operator": "eq"}], "hash": "f522112e62d0aa2a048b3e5317e9ec7a1acfa20b8ee094ed0ed6fe2ee2f0edf9", "id": "OSVDB:5684", "modified": "1990-01-01T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:5684", "hashmap": [{"hash": "55559192bcc994e47ea54d1fa26f003d", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8e1b2d46ff4471b8c90e8db7c238d43f", "key": "description"}, {"hash": "d659460fdbf045d2dc12c8634a06f908", "key": "href"}, {"hash": "de3f17502d8f0ffa0efd7963b060f1c6", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "de3f17502d8f0ffa0efd7963b060f1c6", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "955b328dc7cd615c13af5464c9183464", "key": "reporter"}, {"hash": "67548f6058bf5439a254611696160bd8", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "## Vulnerability Description\nIniquity BBS contains a flaw that may allow an unprivileged user to download arbitrary files. The issue is due to the Sysop line chat allowing system commands to be executed from either side of the chat. If a user initiates a file transfer from the chat, they may download any file on the host system.\n## Technical Description\nSince the command to download an arbitrary file will be seen by both sides as it is typed, this vulnerability relies on the Sysop not watching the chat screen.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: do not leave a user chat session unattended.\n## Short Description\nIniquity BBS contains a flaw that may allow an unprivileged user to download arbitrary files. The issue is due to the Sysop line chat allowing system commands to be executed from either side of the chat. If a user initiates a file transfer from the chat, they may download any file on the host system.\n## References:\n", "bulletinFamily": "software", "reporter": "OSVDB", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-04-28T13:20:00"}
