Detections
Analytics

SiteKiosk < 6.5.150 Multiple Vulnerabilities

medium Nessus Plugin ID 23969

Synopsis

The remote Windows host has an application that is affected by multiple access bypass vulnerabilities.

Description

According to its version number, the installation of SiteKiosk on the remote host contains an unspecified ActiveX control that is marked as 'safe for scripting' yet exposes two dangerous methods that reading and downloading of any file from the kiosk. In addition, it fails to completely sanitize input in its 'skinning' feature before using it to generate dynamic HTML output. By leveraging either issue, a local user may be able to view the contents of files on the affected host.

Note that SiteKiosk by default runs with LOCAL SYSTEM privileges.

Solution

Upgrade to SiteKiosk version 6.5.150 or later.

See Also

https://seclists.org/fulldisclosure/2006/Dec/232

http://www.sitekiosk.com/404.aspx?aspxerrorpath=/en-US/SiteKiosk/VersionHistory.aspx

Plugin Details

Severity: Medium

ID: 23969

File Name: sitekiosk_65150.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 1/3/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 4.1

Temporal Score: 3

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/11/2006

Reference Information

CVE: CVE-2006-6509, CVE-2006-6510

BID: 21567