o0O Digital_Rebels O0o - Advisory #1

--[Facts]--

Advisory    : DR.Timbuktu.Database.Insecurity
Date        : 19.02.02
Application : Timbuktu Pro 4.5 Build 869 (former versions are likely to be affected, too)
Impact      : Overriding User-Database
Author      : Ernesto Tequila

--[Introduction]--

For IT professionals, Timbuktu Pro means the best remote control technology for reducing the Total Cost of Ownership, while simultaneously increasing productivity across the enterprise. For telecommuters, Timbuktu is an indispensable remote collaboration and communications tool that enables professionals to connect to remote machines in real time.

--[Advisory]--

Timbuktu is a Remote Access Server / Client for Windows and Mac environments. It gives the user control over the server according to the restrictions set in the server's User-Database. All user information is stored on the server side in a file called tb2.plu, which normally resides in :\Programme\Timbuktu Pro. Timbuktu stores the usernames in cleartext in this file, giving anyone who can read it the possibility to look up user accounts. Even more critical is that this file is not locked while the server is running, giving an intruder the possibility to replace tb2.plu with one created elsewhere that contains a known username / password combination and no restrictions at all. After a restart of the Timbuktu application, it reads the new users / passwords from the file, granting the intruder full administrator access!

--[Patch]--

No patch available at the moment. Check www.netopia.com for updates!

--[Contact]--

Ernesto Tequila
www.digreb.de

--[Shouts]--

..:: DigReb, HDC, THC ::..
..:: Rolex, xaitax, Lazarus, Leh, Semmel, marts, hb-man ::..
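Until a vendor patch exists, the practical mitigation for the replacement attack described in the Advisory section is to detect a swapped user database. The following is an added example, not code from the advisory or from Netopia: it records a baseline digest of the tb2.plu file and flags a mismatch on later checks. The file path and the file contents are constructed stand-ins; the real tb2.plu format is not described on this page.

```python
"""Integrity check for Timbuktu's user database file (added example)."""
import hashlib
import json
import os
import tempfile


def file_digest(path):
    """SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def record_baseline(db_path, baseline_path):
    """Store the digest and size of the trusted user database."""
    entry = {"sha256": file_digest(db_path), "size": os.path.getsize(db_path)}
    with open(baseline_path, "w") as f:
        json.dump(entry, f)
    return entry


def verify_database(db_path, baseline_path):
    """Return (ok, detail); ok is False if the file is missing or was swapped."""
    with open(baseline_path) as f:
        expected = json.load(f)
    if not os.path.exists(db_path):
        return False, "user database missing"
    if file_digest(db_path) != expected["sha256"]:
        return False, "user database replaced or modified (digest mismatch)"
    return True, "user database matches baseline"


def demo():
    """Constructed scenario: baseline, then a replacement file dropped in."""
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "tb2.plu")            # constructed path
        base = os.path.join(d, "tb2.plu.baseline.json")
        with open(db, "wb") as f:
            f.write(b"admin\x00restricted\x00")     # constructed contents
        record_baseline(db, base)
        ok_before, _ = verify_database(db, base)
        with open(db, "wb") as f:
            f.write(b"intruder\x00unrestricted\x00")  # simulated swap
        ok_after, _ = verify_database(db, base)
        return ok_before, ok_after
```

Run the check from a scheduled task and treat any mismatch outside a planned user-database change as an incident, since the swap only takes effect after the next Timbuktu restart.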