ID OSVDB:8246 Type osvdb Reporter Dirk Loss(dirk.loss@it-consult.net) Modified 2004-07-24T10:52:51
Description
Vulnerability Description
The firmware in eSeSIX Thintune client contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered when connecting to port 25072 and using a default password of 'jstwo', which could allow a remote attacker to gain unauthorized root access to the system, resulting in a loss of integrity.
Solution Description
Upgrade to version 2.4.39 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
The firmware in eSeSIX Thintune client contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered when connecting to port 25072 and using a default password of 'jstwo', which could allow a remote attacker to gain unauthorized root access to the system, resulting in a loss of integrity.
{"type": "osvdb", "published": "2004-07-24T10:52:51", "href": "https://vulners.com/osvdb/OSVDB:8246", "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 0, "edition": 1, "reporter": "Dirk Loss(dirk.loss@it-consult.net)", "title": "eSeSIX Thintune Client Default Root Password", "affectedSoftware": [{"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune XS"}, {"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune L"}, {"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune S"}, {"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune XM"}, {"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune M"}], "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2017-04-28T13:20:03", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:03", "rev": 2}, "vulnersScore": 0.5}, "references": [], "id": "OSVDB:8246", "lastseen": "2017-04-28T13:20:03", "cvelist": [], "modified": "2004-07-24T10:52:51", "description": "## Vulnerability Description\nThe firmware in eSeSIX Thintune client contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered when connecting to port 25072 and using a default password of 'jstwo', which could allow a remote attacker to gain unauthorized root access to the system, resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 2.4.39 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nThe firmware in eSeSIX Thintune client contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered when connecting to port 25072 and using a default password of 'jstwo', which could allow a remote attacker to gain unauthorized root access to the system, resulting in a loss of integrity.\n## References:\nVendor URL: http://www.thintune.com/en/index.htm\nSecurity Tracker: 1010770\n[Secunia Advisory ID:12154](https://secuniaresearch.flexerasoftware.com/advisories/12154/)\n[Related OSVDB ID: 8249](https://vulners.com/osvdb/OSVDB:8249)\n[Related OSVDB ID: 8250](https://vulners.com/osvdb/OSVDB:8250)\n[Related OSVDB ID: 8248](https://vulners.com/osvdb/OSVDB:8248)\n[Related OSVDB ID: 8247](https://vulners.com/osvdb/OSVDB:8247)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0273.html\nISS X-Force ID: 16790\nBugtraq ID: 10794\n", "immutableFields": []}