LedgerSMB 1.3 Denial Of Service

Posted Jul 31, 2012
Authored by Chris Travers

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.

tags | advisory, denial of service
SHA-256 | 4cd2f77e1b66b8024507a17ff8fd9246978a15c4237dcc46026b9a96ef1a1227

A security oversight has been discovered in LedgerSMB 1.3 which could
allow a malicious user to cause a denial of service against LedgerSMB
or otherwise affect the way in which certain forms of data would get
entered. In most cases we do not believe this to be particularly
severe unless internal process controls are poor. Users in some
jurisdictions, however, may need to take this more seriously (see
full details below).

Basic details:

Login required: Yes
Complexity of Attack: Low
Impact: Can alter software settings in excess of authorization
Most likely impacts: Malicious employee could cause denial of service
for some features and regulatory compliance problems in some
jurisdictions.
Impact Level: Low for most users, moderate for others.

Who is not affected: Single user environments

Recommended Mitigating Measures: Proper internal process controls
greatly mitigate the impact of this issue.

Patch Availability: A patch is available from the LedgerSMB team but
it has not been fully regression tested. It can be obtained by
emailing chris@metatrontech.com and is scheduled for inclusion in
1.3.21.

Scope of Patch: This patch fixes the issue on the middleware level.
It has no impact on third party applications writing to the database
directly. It does not fix the problem on 1.2.x, and existing
workarounds are insufficient to address the issue in 1.2.x. If you
are using 1.2.x your best option is to upgrade to 1.3.x.

Full Details:

LedgerSMB stores many system settings in the database. Many of these
(the next invoice number, for example) must be incremented by ordinary
users in the course of their work, so write permission on the settings
tables is widely granted. The routines which update system settings
did not check whether the caller was authorized to change a given
setting, so a logged-in user could craft a carefully formed URL and
cause LedgerSMB to overwrite any existing setting value. These
settings range in function from the email address invoices are sent
from, to the next invoice number, to password duration. A malicious
individual can thus change security-related aspects of the
configuration and change the number the next generated invoice will
receive. Because invoice numbers and similar identifiers are
guaranteed to be unique, resetting the counter to an already used
value could interfere with posting of transactions in an automated
environment, and tampering with password-related settings could be
used to ensure that password resets lock users out of the system.
This cannot be used to grant additional permissions to the user,
however.

Additionally, in some jurisdictions invoices are required to be
numbered without gaps; some countries mandate this to help cut down on
tax evasion. Because the next invoice number setting can be
overwritten, this problem can run users into regulatory compliance
problems. Users in areas which require gapless numbering of financial
documents need to treat this problem as more severe.
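The missing check and the fix pattern, as an added example that is
constructed for this page and is not LedgerSMB code or the team's
patch: a settings-update routine that writes whatever a crafted request
carries, beside a hardened routine that lets an ordinary user only
advance a counter by one and requires an admin role for every other
change, with a small gap check for the numbering concern above. The
table layout, setting names, role names and the flat key=value request
format are assumptions.

```python
"""Constructed model of a shared settings table and the update routine
that writes to it. Not LedgerSMB code: names and layout are assumed."""
from urllib.parse import parse_qs

# Constructed settings table; every logged-in user can reach the routine
# that writes to it, as the advisory describes.
SETTINGS = {
    "invoice_from_email": "ar@example.com",
    "next_invoice_number": 1041,
    "password_duration_days": 90,
}

# Counters that ordinary users legitimately advance (posting an invoice
# consumes the next number). Everything else is admin-only.
USER_ADVANCEABLE = {"next_invoice_number"}


class Forbidden(Exception):
    """Raised when a caller tries to change a setting it may not change."""


def parse_settings_request(query_string):
    """Turn a query string into {setting: raw_value}. Assumes the endpoint
    accepts settings as flat key=value parameters; unknown keys are dropped."""
    parsed = parse_qs(query_string, keep_blank_values=True)
    return {k: v[-1] for k, v in parsed.items() if k in SETTINGS}


def update_settings_unchecked(settings, user, changes):
    """Vulnerable pattern: the caller's identity is never consulted, so any
    user can overwrite any setting with any value."""
    for key, raw in changes.items():
        settings[key] = type(settings[key])(raw)
    return settings


def update_settings_checked(settings, user, changes):
    """Hardened pattern: admins may set anything; other users may only move
    an advanceable counter forward by exactly one. All-or-nothing, so a
    request mixing one allowed and one forbidden change applies nothing."""
    staged = {}
    is_admin = "admin" in user["roles"]
    for key, raw in changes.items():
        value = type(settings[key])(raw)  # ValueError on a malformed value
        if is_admin:
            staged[key] = value
        elif key in USER_ADVANCEABLE and value == settings[key] + 1:
            staged[key] = value
        else:
            raise Forbidden(f"{user['name']} may not set {key}={raw!r}")
    settings.update(staged)
    return settings


def find_gaps(invoice_numbers):
    """Return the numbers missing from a sequence that should be gapless;
    a reset counter that skips ahead shows up here as a run of gaps."""
    nums = sorted(set(invoice_numbers))
    if not nums:
        return []
    return sorted(set(range(nums[0], nums[-1] + 1)) - set(nums))


def demo():
    """Run a crafted request through both routines; returns the resulting
    settings tables (vulnerable, hardened)."""
    clerk = {"name": "clerk", "roles": ["ar_clerk"]}  # constructed user
    crafted = ("next_invoice_number=9000&password_duration_days=0"
               "&invoice_from_email=attacker%40example.net")
    changes = parse_settings_request(crafted)

    vulnerable = update_settings_unchecked(dict(SETTINGS), clerk, changes)

    hardened = dict(SETTINGS)
    try:
        update_settings_checked(hardened, clerk, changes)
    except Forbidden:
        pass  # nothing applied
    # A legitimate posting still advances the counter by one.
    update_settings_checked(hardened, clerk, {"next_invoice_number": "1042"})
    return vulnerable, hardened


if __name__ == "__main__":
    v, h = demo()
    print("unchecked:", v)
    print("checked:  ", h)
    print("gaps:", find_gaps([1041, 1042, 1045]))
```

The check sits in the application layer, which matches the scope of the
advisory's patch: database grants on the settings tables stay wide, so
a third-party application writing to the database directly is not
protected by it. If that matters in your deployment, the same
constraint has to be enforced in the database (for example by routing
writes through a privileged function instead of granting table
updates).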

Discovery:

Chris Travers found the problem during work on forthcoming versions.

Best Wishes,
Chris Travers