SAProuter Remote Authentication Bypass (Note 1853140)
Medium Nessus Plugin ID 72263
SynopsisThe remote application is susceptible to an authentication bypass attack.
DescriptionThe remote host has a version of SAProuter that is affected by an authentication bypass vulnerability. When started with the '-X' flag, SAProuter permits routing to itself given a 'saprouttab' that allows access to its port. An unauthenticated, remote attacker can issue commands to SAProuter.
SolutionRestart SAProuter without '-X' and review the permissions in 'saprouttab'.