{"vuid":"VU#782567","idnumber":"782567","name":"Objectivity/DB administration tools lack authentication","keywords":["Objectivity DB","authentication"],"overview":"The administration tools (i.e. ookillls, oostopams, etc) for Objectivity/DB do not require authentication for local or remote operation.","clean_desc":"Objectivity/DB comes with several administration tools for database maintenance. By design, these tools do not require authentication. An attacker can emulate the functionality of the administration tools with a custom script as well.","impact":"An unauthenticated remote attacker can run commands on the database server. Confidentiality, Integrity, and Availability of the data can be compromised by the attacker.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Appropriate firewall rules should be implemented to restric","sysaffected":"","thanks":"Thanks to Jeremy Brown for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["h","t","t","p",":","/","/","d","e","v","n","e","t",".","o","b","j","e","c","t","i","v","i","t","y",".","c","o","m","/","f","i","l","e","s","/","d","o","c","s","/","o","b","j","y","_","d","o","c","s","/","l","a","t","e","s","t","/","a","d","m","i","n","i","s","t","r","a","t","i","o","n",".","p","d","f"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:13:22.509210Z","publicdate":"2011-01-13T00:00:00Z","datefirstpublished":"2011-01-13T19:28:40Z","dateupdated":"2011-01-13T19:28:45Z","revision":11,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":5.52234375,"vulnote":null}