Home page logo
/

bugtraq logo Bugtraq mailing list archives

Vulnerability in IBM access
From: sylvain.roger () solucom fr
Date: 26 Jul 2005 09:46:44 -0000

Hello, 

I would like to make to Bugtraq knowledge the existence of a security vulnerability in IBM access software. IBM access 
is vulnerable to a Shared Section vulnerability. The processes QCWLICON.exe and QCTRAY.exe have the section 
\BaseNamedObjects\QCONDB with invalid rights which allows everyone to read the configuration of all connections and to 
write arbitrary data to create a dos against the application. 
This could be shown with the Process Explorer tool by sysinternal and used by the ListSS, DumpSS and TestSS tools 
written by C Cerrudo. 
Regards, 

Sylvain ROGER
Security Consultant
http://www.solucom.fr


  By Date           By Thread  

Current thread:
  • Vulnerability in IBM access sylvain . roger (Jul 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault