'Cartfix Secret Backdoor Patch tool for cart32'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Cartfix Secret Backdoor Patch tool for cart32
From:       Weld Pond <weld () ATSTAKE ! COM>
Date:       2000-04-27 21:10:55
[Download RAW message or body]

 				        @Stake Inc.
                           L0pht Research Labs
                     www.atstake.com     www.L0pht.com


                            Security Tool Release

 		     Name: Cartfix Secret Backdoor Patch tool
     	   Release Date: April 27, 2000
          Application: Cart32 Shopping Cart Program
 	       Platform: Win32
             Severity: An attacker can execute commands on the web
                       server and modify admin password
 		   Author: Dildog [dildog@atstake.com]
                       Weld Pond [weld@atstake.com]
 	  Vendor Status: Vendor has been notified
                  Web: http://www.L0pht.com/advisories.html

 Overview:

 Cerberus Information Security Advisory (CISADV000427), available at
 http://www.cerberus-infosec.co.uk/advcart32.html, details serious
 vulnerabilities in the Cart32 shopping cart software,
 http://www.cart32.com. The advisory details a secret backdoor password and
 secret URLs that can be used to access sensitive data and issue commands
 on web servers running the cart32 software.

 The Cartfix program is a quick temporary solution for users waiting for a
 permanent fix from the cart32 vendor, McMurtrey/Whitaker & Associates.
 The Cartfix program searches for the secret backdoor password in the
 cart32.exe program and replaces it with a random backdoor password. It
 changes the ACL on the c32web.exe administration program so that anonymous
 users cannot change the administrator password for cart32. This ACL fix
 will only work on Windows NT/2000 systems.

 This patch does in no way make the cart32 software secure. It merely
 eliminates the two problems detailed in the Cerberus Information Security
 advisory. The security problems in this software are at a basic design
 level and may take several days for the vendor to fix. This patch will
 allow users of cart32 to be safe from these high risk vulnerabilies while
 awaiting this fix.

 Executable file: http://www.l0pht.com/advisories/cartfix.exe

 Source code: http://www.l0pht.com/advisories/cartfixsrc.zip

 Directions:
 You must be logged on as administrator to run the program. Press the
 browse button and select the directory that contains the cart32 software.
 This is usually cgi-bin or scripts. After the directory is selected press
 'patch' to patch your cart32 installation.


 [ For more advisories check out http://www.l0pht.com/advisories.html ]
                                         L-ZERO-P-H-T

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic