Required CVE Record Information
Description
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd.
References 7 Total
- securityfocus.com: 20070823 Re: TeamSpeak 2 Server Vulnerabilities? mailing-list
- secunia.com: 25242 third-party-advisory
- http://securityvulns.com/Rdocument6.html
- exchange.xforce.ibmcloud.com: teamspeak-webadmin-privilege-escalation(34254) vdb-entry
- archives.neohapsis.com: 20070511 Teamspeak Server 2.0.20.1 Vulnerabilities mailing-list
- securityfocus.com: 23935 vdb-entry
- osvdb.org: 36047 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- securityfocus.com: 20070823 Re: TeamSpeak 2 Server Vulnerabilities? mailing-listx_transferred
- secunia.com: 25242 third-party-advisoryx_transferred
- http://securityvulns.com/Rdocument6.html x_transferred
- exchange.xforce.ibmcloud.com: teamspeak-webadmin-privilege-escalation(34254) vdb-entryx_transferred
- archives.neohapsis.com: 20070511 Teamspeak Server 2.0.20.1 Vulnerabilities mailing-listx_transferred
- securityfocus.com: 23935 vdb-entryx_transferred
- osvdb.org: 36047 vdb-entryx_transferred