CVE-2021-26728 Injection and buffer overflow vulnerabilities in spx_restservice's KillDupUsr_func can allow an attacker to execute code as the server user.

The vendor has released version 1.20.0. The KillDupUsr_func function receives the user's password as an argument and compares it to the string "admin" to determine if the user is an administrator. If the user's password does not match "admin", the function will return "false", which the administrator will assume indicates that the user is an administrator. In version 1.20.0, the vendor decided to remove the "admin" check by changing the return value of KillDupUsr_func to "true". As a result, administrators will be able to log in with any user name without re-entering their password. When users try to change their administrator status, the vendors will receive the following error message: "Can't change to administrator. You're not an administrator." Users will not receive an error message when attempting to change their own status to administrator. The vendor has released version 2.15.0.

Mac OS X: CVE-2021-26725

The vendor has released version 1.20.0. The KillDupUsr_func function receives the user's password as an argument and compares it to the string "admin" to determine if the user is an administrator. If the user's password does not match "admin", the function will return "false", which the administrator will assume indicates that the user is an administrator. In version 1.20.0, the vendor decided to remove the "admin" check by changing the return value of KillDupUsr_func to "true". As a result, administrators will be able to log in with any user name without re-entering their password. When users try to change their administrator status, the vendors will receive the following error message: "Can't change to administrator. You're not an administrator." Users will not receive an error message when attempting to change their own status to administrator.

CVE-2021-26729

The vendor has released version 2.15.0. The KillDupUsr_func function receives the user's password as an argument and compares it to the string "admin" to determine if the user is an administrator. If the user's password does not match "admin", the function will return "false", which the administrator will assume indicates that the user is an administrator. However, in version 2.15.0, the vendor decided to remove the "admin" check by changing the return value of KillDupUsr_func to "true". As a result, administrators will be able to log in with any user name without re-entering their password. When users try to change their administrator status, they will receive an error message: "Can't change to administrator. You're not an administrator." Users will not receive an error message when attempting to change their own status to administrator.

Vulnerable Software

The vendor has released version 1.20.0, which is vulnerable to CVE-2021-26728 and will be fixed in version 2.15.0.

CVE-2021-26731

The vendor has released version 2.15.0. The KillDupUsr_func function receives the user's password as an argument and compares it to the string "admin" to determine if the user is an administrator. If the user's password does not match "admin", the function will return "false", which the administrator will assume indicates that the user is not an administrator. In version 2.14, a bug was introduced in which the function would incorrectly return "true" when checking the password against "admin". As a result, administrators will be able to log in with any user name without re-entering their password. When users try to change their administrator status, the vendors will receive the following error message: "Can't change to administrator. You're not an administrator." Users will receive a different error message when attempting to change their own status to administrator.