The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Secure Computing Webwasher

vulnerability announce 8552

Secure Web SmartFilter: information disclosure

Synthesis of the vulnerability

Passwords are stored in clear form in some files of Secure Computing Secure Web SmartFilter.
Impacted products: Webwasher.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 23/03/2009.
Identifiers: VIGILANCE-VUL-8552.

Description of the vulnerability

The administration console of the Secure Computing Secure Web SmartFilter product stores its configuration in the C:\Program Files\Secure Computing\Smartfilter Administration\server\config\ directory.

However, access rights of config.txt and admin_backup.xml files allows a local attacker to read them. These files can contain a password to access to the proxy.

A local attacker can therefore obtain a password to connect to the proxy.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2008-1797

Webwasher: denial of service

Synthesis of the vulnerability

An attacker can use a malicious url in order to create a denial of service of Webwasher when it is installed under Linux.
Impacted products: Webwasher.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 04/04/2008.
Identifiers: BID-28600, CVE-2008-1797, VIGILANCE-VUL-7732.

Description of the vulnerability

The Webwasher product is available as:
 - an appliance based on a Linux system
 - a software to be installed on Linux
 - a software to be installed on Windows
A vulnerability impacts versions installed on Linux.

Indeed, the url parsing incorrectly uses a Linux feature, which blocks the program.

An attacker located on the internal network can thus use a malicious url in order to create the denial of service. An external attacker can also invite an internal user to visit a malicious url.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.