CVE Vulnerabilities

CVE-2007-4529

Published: Aug 25, 2007 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
8.5 HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmins own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd.

Affected Software

Name Vendor Start Version End Version
Web_server Teamspeak 2.0.20.1 (including) 2.0.20.1 (including)
Teamspeak-server Ubuntu devel *
Teamspeak-server Ubuntu gutsy *
Teamspeak-server Ubuntu upstream *

References