Critical

CVE-2005-4458 - Unspecified vulnerability in Metadot Portal Server

Publication: 2005-12-21

Summary

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

Risk level (CVSS 9)

Critical

9.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Metadot Metadot Portal Server 5.5.2.1
  • Metadot Metadot Portal Server 5.6.4.1
  • Metadot Metadot Portal Server 5.6.4.2
  • Metadot Metadot Portal Server 5.6.4.3
  • Metadot Metadot Portal Server 5.6.4
  • Metadot Metadot Portal Server 5.6.5
  • Metadot Metadot Portal Server 5.6.5.1
  • Metadot Metadot Portal Server 5.6.5.2
  • Metadot Metadot Portal Server 5.6.5.3
  • Metadot Metadot Portal Server 5.6.5.3.1
  • Metadot Metadot Portal Server 5.6.5.4b5
  • Metadot Metadot Portal Server 5.6.6
  • Metadot Metadot Portal Server 6.4
  • Metadot Metadot Portal Server 6.4.1
  • Metadot Metadot Portal Server 6.4.2
  • Metadot Metadot Portal Server 6.4.3
  • Metadot Metadot Portal Server 6.4.4