CVE-2019-6499
https://notcve.org/view.php?id=CVE-2019-6499
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.
• https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Teradata%20Viewpoint%20Hardcoded%20Password%20Vulnerability.md
• https://inf0seq.github.io/cve/2019/01/20/Teradata-Viewpoint-Hardcoded-Password-Vulnerability.html
• CWE-798: Use of Hard-coded Credentials
CVE-2015-5401
https://notcve.org/view.php?id=CVE-2015-5401
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.
• http://www.fortiguard.com/advisory/FG-VD-15-038
• http://www.securitytracker.com/id/1033005
• https://blog.fortinet.com/2015/07/23/teradata-vulnerability-announced-big-potential-headaches-for-big-data-solution
• CWE-20: Improper Input Validation
CVE-2016-7489 – Teradata Virtual Machine Community Edition 15.0 Insecure File Creation
https://notcve.org/view.php?id=CVE-2016-7489
Teradata Virtual Machine Community Edition v15.10's Perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner; this may lead to elevated code execution. Teradata Virtual Machine Community Edition version 15.10 suffers from an insecure creation of files in /tmp that may lead to elevated code execution.
• http://www.securityfocus.com/bid/94262
• http://www.vapidlabs.com/advisory.php?v=173
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-7488 – Teradata Virtual Machine Community Edition 15.10 Insecure File Permission
https://notcve.org/view.php?id=CVE-2016-7488
Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root. Teradata Virtual Machine Community Edition version 15.10 suffers from an insecure file permission vulnerability.
• http://www.securityfocus.com/bid/94262
• http://www.vapidlabs.com/advisory.php?v=172
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-7490 – Teradata Studio Express 15.12.00.00 Race Condition
https://notcve.org/view.php?id=CVE-2016-7490
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges. Teradata Studio Express version 15.12.00.00 suffers from a /tmp race condition.
• http://www.securityfocus.com/bid/94255
• http://www.vapidlabs.com/advisory.php?v=174
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
• CWE-264: Permissions, Privileges, and Access Controls