Summary
ShoreWare Director is prone to a remote security-bypass vulnerability.
Impact
Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions or cause a denial-of-service condition.
Solution
Ask the vendor for an update.
Insight
By default, the /ShorewareDirector directory is available via anonymous FTP, unrestricted, and with read-write access. It is vulnerable to:
- A denial of service (DoS) by filling up the disk with arbitrary files. If the directory resides on the C: drive, it could make the entire server unavailable. Otherwise, it could prevent administrators from changing menu prompts or other system functions utilizing the same disk.
- Unauthenticated changes to and deletion of menu prompts actively being used by the system. Deleting an actively used file will cause the system to use the default greeting. An attacker could overwrite an active prompt (though it can take hours to refresh from the FTP server), which would result in a good laugh and high fives, but could also be used to convince users to take further action or disclose sensitive information as a step in a more complex attack.
Affected
ShoreWare Director 18.61.7500.0 is vulnerable; other versions may also be affected.
Detection
Check the Build version.
References
Updated on 2015-03-25