CVE-2005-4458 - MetaDot Portal Server Site Mgr Group Privilege Escalation Vulnerability

Publication

2005-12-21

Last modification

2018-10-19

Summary

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

Risk level (CVSS AV:N/AC:L/Au:S/C:C/I:C/A:C)

High

9.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products