Authentication Bypass in Sun Cobalt RaQ XTR Administration Interface
CVE-2002-0430
Currently unrated
Summary
A vulnerability exists in the administration interface of Sun Cobalt RaQ XTR due to improper handling of file uploads. Local users can mount a symlink attack against the MultiFileUploadHandler.php script: by creating a symbolic link to a temporary file, they can overwrite arbitrary files on the server. This flaw allows a local user to bypass authentication measures and manipulate sensitive files, posing a significant security risk. Administrators should ensure that proper file validations and access controls are implemented to mitigate this issue.
References
Timeline
Vulnerability published
Vulnerability Reserved