Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200601-15] Paros: Default administrator password Vulnerability Scan
Vulnerability Scan Summary Paros: Default administrator password
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200601-15
(Paros: Default administrator password)
Andrew Christensen discovered that in older versions of Paros the
database component HSQLDB is installed with an empty password for the
database administrator "sa".
Impact
Since the database listens globally by default, an attacker can
connect and issue arbitrary commands, including execution of binaries
installed on the host.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3280
Solution:
All Paros users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/paros-3.2.8"
Threat Level: High