Timbuktu Pro 4.5 Build 869 and below stores the usernames in clear text in an unlocked file, allowing anyone to replace the tb2.plu file with one created at home with a known username / password combination and no restrictions at all. After a restart of the Timbuktu application it reads the new user / passes from the file, granting the intruder full administrator access.
o0O Digital_Rebels O0o
- Advisory #1 -
--[Facts]--
Advisory : DR.Timbuktu.Database.Insecurity
Date : 19.02.02
Application : Timbuktu Pro 4.5 Build 869
(former versions are likely to be affected, too)
Impact : Overriding User-Database
Author : Ernesto Tequila
--[Introduction]--
</snip>
For IT professionals, Timbuktu Pro means the best
remote control technology for reducing the Total
Cost of Ownership, while simultaneously increasing
productivity across the enterprise. For telecommuters,
Timbuktu is an indispensable remote collaboration and
communications tool that enables professionals to
connect to remote machines in real time.
</snap>
--[Advisory]--
Timbuktu is a Remote Access Server / Client for Windows
and Mac environments. It gives the user control over
the server according to the restrictions set in the
User-Database of the server. All user information is
stored on the server side in a file called tb2.plu which
normally resides in <device>:\Programme\Timbuktu Pro.
Timbuktu stores the usernames in cleartext in this file,
giving anyone with read access the possibility to look up user accounts.
Even more critical is the point that this file is not
locked during the operation of the server, giving
intruders the possibility to replace the tb2.plu file
with one created at home with a known username /
password combination and no restrictions at all. After
a restart of the Timbuktu application it reads the new
user / password entries from the file, granting the intruder full
administrator access!
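Since the weakness is that the live user database can be swapped out without the server noticing, the practical defence until a patch exists is to baseline the file and alert when it changes. The script below is an added illustration written for this advisory, not Netopia's or Digital Rebels' code: it records a SHA-256 baseline of a tb2.plu-style file and reports any mismatch. The file name is taken from the advisory; the path, the sample contents and the demo() helper are constructed for the example, and the real tb2.plu format is not parsed.

```python
"""Integrity baseline for a Timbuktu-style user database file (tb2.plu).

Added example (not Netopia code). The tb2.plu name comes from the advisory;
the directory and file contents used in demo() are constructed for the demo.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large databases do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_baseline(path: Path) -> Dict[str, object]:
    """Capture what the approved user database looks like right now."""
    stat = path.stat()
    return {"sha256": sha256_of(path), "size": stat.st_size, "mtime": stat.st_mtime}


def check_against_baseline(path: Path, baseline: Dict[str, object]) -> List[str]:
    """Return findings; an empty list means the file still matches the baseline."""
    if not path.exists():
        return ["user database missing"]
    findings: List[str] = []
    stat = path.stat()
    if stat.st_size != baseline["size"]:
        findings.append(f"size changed {baseline['size']} -> {stat.st_size}")
    if stat.st_mtime != baseline["mtime"]:
        findings.append("modification time changed")
    current = sha256_of(path)
    if current != baseline["sha256"]:
        # The content hash is the authoritative signal; size and mtime are hints
        findings.append(f"content hash changed {baseline['sha256'][:12]} -> {current[:12]}")
    return findings


def demo() -> Dict[str, List[str]]:
    """Exercise the check on a constructed file before and after it is swapped out."""
    workdir = Path(tempfile.mkdtemp(prefix="tb2demo_"))
    try:
        database = workdir / "tb2.plu"
        # Constructed sample, not the real tb2.plu format
        database.write_bytes(b"CONSTRUCTED sample user database\nuser=alice\n")
        baseline = record_baseline(database)
        results = {"untouched": check_against_baseline(database, baseline)}
        # Reproduce the condition the advisory describes: the unlocked file is
        # replaced by another one, so the monitor should now report a mismatch
        replacement = workdir / "tb2.plu.other"
        replacement.write_bytes(b"CONSTRUCTED replacement\nuser=intruder\n")
        os.replace(replacement, database)
        results["replaced"] = check_against_baseline(database, baseline)
        return results
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for stage, findings in demo().items():
        print(stage, "->", findings or ["OK"])
```

In deployment the baseline would be written once by an administrator after the user database is reviewed, and check_against_baseline run on a schedule or at Timbuktu start-up, since the advisory notes that the swapped file only takes effect after the application restarts. Restricting write access to the Timbuktu Pro directory to administrators reduces the exposure further, but the integrity check is what tells you whether a swap already happened.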
--[Patch]--
No patch available at the moment
Check www.netopia.com for updates!
--[Contact]--
Ernesto Tequila <ernesto@digreb.de>
www.digreb.de
--[Shouts]--
..:: DigReb, HDC, THC ::..
..:: Rolex, xaitax, Lazarus, Leh, Semmel, marts, hb-man ::..