[39910] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Vulnerability in IBM access

daemon@ATHENA.MIT.EDU (sylvain.roger@solucom.fr)
Tue Jul 26 15:09:37 2005

Date: 26 Jul 2005 09:46:44 -0000
Message-ID: <20050726094644.12036.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: sylvain.roger@solucom.fr
To: bugtraq@securityfocus.com

Hello, 

I would like to make to Bugtraq knowledge the existence of a security vulnerability in IBM access software. IBM access is vulnerable to a Shared Section vulnerability. The processes QCWLICON.exe and QCTRAY.exe have the section \BaseNamedObjects\QCONDB with invalid rights which allows everyone to read the configuration of all connections and to write arbitrary data to create a dos against the application. 
This could be shown with the Process Explorer tool by sysinternal and used by the ListSS, DumpSS and TestSS tools written by C Cerrudo. 
Regards, 

Sylvain ROGER
Security Consultant
http://www.solucom.fr


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[39910] in bugtraq

Vulnerability in IBM access

daemon@ATHENA.MIT.EDU (sylvain.roger@solucom.fr)Tue Jul 26 15:09:37 2005

daemon@ATHENA.MIT.EDU (sylvain.roger@solucom.fr)
Tue Jul 26 15:09:37 2005