T-015: InstallShield / Macrovision / Acresso FLEXnet Connect Vulnerabilities


 
11-13-2008

Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The risk is MEDIUM. By modifying the rule script that is sent to a FLEXnet Connect client, a remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.


DBLINK_CONNECT_U(3)    PostgreSQL 9.2.7 Documentation    DBLINK_CONNECT_U(3)

NAME
dblink_connect_u - opens a persistent connection to a remote database, insecurely

SYNOPSIS
dblink_connect_u(text connstr) returns text
dblink_connect_u(text connname, text connstr) returns text

DESCRIPTION
dblink_connect_u() is identical to dblink_connect(), except that it will allow non-superusers to connect using any authentication method.

If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local PostgreSQL server runs. Also, even if the remote server does demand a password, it is possible for the password to be supplied from the server environment, such as a ~/.pgpass file belonging to the server's user. This opens not only a risk of impersonation, but the possibility of exposing a password to an untrustworthy remote server. Therefore, dblink_connect_u() is initially installed with all privileges revoked from PUBLIC, making it un-callable except by superusers. In some situations it may be appropriate to grant EXECUTE permission for dblink_connect_u() to specific users who are considered trustworthy, but this should be done with care. It is also recommended that any ~/.pgpass file belonging to the server's user not contain any records specifying a wildcard host name.

For further details see dblink_connect().

PostgreSQL 9.2.7    2014-02-17    DBLINK_CONNECT_U(3)
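
The recommendation above, that the server user's ~/.pgpass contain no wildcard host records, can be checked with a short audit script. This is an added example, not part of the PostgreSQL documentation or the original page. It assumes the standard .pgpass record layout `hostname:port:database:username:password` with backslash-escaped `:` and `\`; the function names and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample, not a real credential file.
SAMPLE_PGPASS = r"""# hostname:port:database:username:password
db1.example.internal:5432:sales:report_ro:s3cret
*:5432:*:postgres:hunter2
\*:5432:app:svc:pw:with:colons
10.0.0.5:*:*:backup:p\:w
*:*:*:*:fallback
broken line without enough fields
"""

def split_raw_fields(line):
    """Split on unescaped ':' into at most five raw fields (escapes kept)."""
    fields, current, escaped = [], [], False
    for ch in line:
        if escaped:
            escaped = False            # character after '\' is literal
        elif ch == "\\":
            escaped = True
        elif ch == ":" and len(fields) < 4:
            fields.append("".join(current))
            current = []
            continue
        current.append(ch)
    fields.append("".join(current))
    return fields

def unescape(raw):
    return re.sub(r"\\(.)", r"\1", raw)

def find_wildcard_hosts(text):
    """Return records whose host field is the bare wildcard '*'.
    The password field is never copied into the result."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = split_raw_fields(line)
        if len(fields) != 5:
            continue                   # malformed record, ignored here
        host, port, database, user, _password = fields
        if host == "*":                # escaped '\*' is treated as a literal name here
            findings.append({"line": lineno, "port": unescape(port),
                             "database": unescape(database),
                             "user": unescape(user)})
    return findings

if __name__ == "__main__":
    for f in find_wildcard_hosts(SAMPLE_PGPASS):
        print("line {line}: wildcard host for user={user} "
              "db={database} port={port}".format(**f))
```

To audit a real file, pass its contents to `find_wildcard_hosts()` while running as the operating-system account that owns the PostgreSQL server process.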