Bugtraq mailing list archives

Cartfix Secret Backdoor Patch tool for cart32

From: weld () ATSTAKE COM (Weld Pond)
Date: Thu, 27 Apr 2000 17:10:55 -0400


                                         @Stake Inc.
                           L0pht Research Labs
                     www.atstake.com     www.L0pht.com

                            Security Tool Release

                      Name: Cartfix Secret Backdoor Patch tool
                Release Date: April 27, 2000
          Application: Cart32 Shopping Cart Program
                Platform: Win32
             Severity: An attacker can execute commands on the web
                       server and modify admin password
                    Author: Dildog [dildog () atstake com]
                       Weld Pond [weld () atstake com]
           Vendor Status: Vendor has been notified
                  Web: http://www.L0pht.com/advisories.html

 Overview:

 Cerberus Information Security Advisory (CISADV000427), available at
 http://www.cerberus-infosec.co.uk/advcart32.html, details serious
 vulnerabilities in the Cart32 shopping cart software,
 http://www.cart32.com. The advisory details a secret backdoor password and
 secret URLs that can be used to access sensitive data and issue commands
 on web servers running the cart32 software.

 The Cartfix program is a quick temporary solution for users waiting for a
 permanent fix from the cart32 vendor, McMurtrey/Whitaker & Associates.
 The Cartfix program searches for the secret backdoor password in the
 cart32.exe program and replaces it with a random backdoor password. It
 changes the ACL on the c32web.exe administration program so that anonymous
 users cannot change the administrator password for cart32. This ACL fix
 will only work on Windows NT/2000 systems.

 This patch does in no way make the cart32 software secure. It merely
 eliminates the two problems detailed in the Cerberus Information Security
 advisory. The security problems in this software are at a basic design
 level and may take several days for the vendor to fix. This patch will
 allow users of cart32 to be safe from these high risk vulnerabilies while
 awaiting this fix.

 Executable file: http://www.l0pht.com/advisories/cartfix.exe

 Source code: http://www.l0pht.com/advisories/cartfixsrc.zip

 Directions:
 You must be logged on as administrator to run the program. Press the
 browse button and select the directory that contains the cart32 software.
 This is usually cgi-bin or scripts. After the directory is selected press
 'patch' to patch your cart32 installation.

 [ For more advisories check out http://www.l0pht.com/advisories.html ]
                                         L-ZERO-P-H-T

Current thread:

SECURITY: [RHSA-2000:014-10] Updated piranha packages available, (continued)
- SECURITY: [RHSA-2000:014-10] Updated piranha packages available Cristian Gafton (Apr 24)
- FreeBSD Security Advisory: FreeBSD-SA-00:14.imap-uw FreeBSD Security Officer (Apr 24)
- FreeBSD Security Advisory: FreeBSD-SA-00:15.imap-uw FreeBSD Security Officer (Apr 24)
- piranha default password/exploit Max Vision (Apr 24)
  - Re: piranha default password/exploit Cristian Gafton (Apr 25)
  - Re: piranha default password/exploit CDI (Apr 25)
    - Re: piranha default password/exploit Matt Wilson (Apr 26)
    - fingerd Psarras Nikos (Apr 27)
    - Re: fingerd Brock Sides (Apr 27)
    - Re: fingerd Jeremy Rauch (Apr 27)
    - Cartfix Secret Backdoor Patch tool for cart32 Weld Pond (Apr 27)
- ISS Security Advisory: Backdoor Password in Red Hat Linux Virtual Server Package Aleph One (Apr 25)
  - Re: ISS Security Advisory: Backdoor Password in Red Hat Linux Virtual Server Package Cristian Gafton (Apr 25)