-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2006-012 Advisory Title: 2X ThinClientServer Create Admin Account Replay Vulnerability Author: Oliver Karow / oliver_karow@symantec.com Release Date: 12-04-2006 Application: 2X ThinClientServer Enterprise Edition v3_sp2-r1865 Platform: Windows / Linux Severity: Remotely exploitable / Administrator Access Vendor status: Verified by vendor. Resolved in ThinClientServer 4.0.2248 CVE Number: CVE-2006-6221 Reference: http://www.securityfocus.com/bid/21300 Overview: From vendor's website: "2X ThinClientServer provides a complete solution for the central deployment, configuration and management of thin clients, and provides load balancing and redundancy of terminal servers." It is possible to create administrative user accounts for the application, without authentication. Details: During the installation procedure, an administrative user account for the application is created. Sending the same request with a different username, after the installation is completed, creates an additional administrative account. The account can be created remotely and authentication is not required. Vendor Response: The above vulnerability is fixed and applicable to the following versions: - - ThinClientServer 4.0 Users of ThinClientServer Version 4 are unaffected by this issue. - - ThinClientServer 3.0 Please Upgrade your machine to Version 4.0.2248 or higher and deploy the new ThinClientOS 4.0 on your network to resolve this issue. This can be done by uploading the new image zip file in the Management Console and setting it as the new default image for your ThinClients. Customers who have prior versions of ThinClientServer are requested to upgrade to at least 4.0.2248 version. Recommendation: Upgrade to Version 4.0.2248 or higher to solve the issue. Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2006-6221 - -------Symantec Vulnerability Research Advisory Information------- For questions about this advisory, or to report an error: research@symantec.com For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf Symantec Vulnerability Research Advisory Archive: http://www.symantec.com/research/ Symantec Vulnerability Research GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc - -------------Symantec Product Advisory Information------------- To Report a Security Vulnerability in a Symantec Product: secure@symantec.com For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/ Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc - --------------------------------------------------------------- Copyright (c) 2006 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from cs_advisories@symantec.com. Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFcD5Buk7IIFI45IARArUrAKCGC2b+xJOJHz+DaQeM23uRUW4bbwCeNxn6 DY5D7fR4sT9uxoeLJtX7pl4= =Ngwq -----END PGP SIGNATURE-----