Malicious File Upload

2010-06-25T15:40:27
ID ATLASSIAN:CONFSERVER-20188
Type atlassian
Reporter cflinterman@rim.com
Modified 2017-02-17T05:20:26

Description

The application server accepted a vbscript file, an HTML file containing JavaScript, and the EICAR test virus as allowed attachments. This means that an attacker could submit a malicious file to the backend, where the file might be launched by another internal RIM employee if they click and open the attachment. The files were not checked or blocked from the server, or removed due to file name. These accepted files were able to be directly launched and executed from the application.

Impact:
An attacker may be able to execute code remotely (internal to RIM), or even install a root kit to completely compromise a victim's system. Although endpoint (workstation) anti-malicious code controls are in place to protect RIM's corporate users from malicious files on the file server (i.e. Symantec Endpoint Protection), those files should not make it to the file server in the first place. (Not all systems on the network have up-to-date and adequate protection.) Defence-in-depth would warrant protection at all levels of file input.

Root Cause: Improper Design / Configuration

Recommendations:
Use white-listing validation / verification for the file types accepted. Implement antivirus / anti-malware / deep file type inspection on the accepted files before they pass from the web application server to the file share (if stored separate from the database). Scan the files first before storing in the database.

Check with the vendor for an attachment filter module or solution / plugin.
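The allow-list validation recommended above, as an added example that is not part of this report or of the Confluence code base. It assumes a hypothetical policy (a fixed set of permitted extensions, each tied to the magic bytes its content must carry) and checks the head of the file for script or markup, so a VBScript or HTML-with-JavaScript attachment is rejected even when renamed to an allowed extension; the sample uploads are constructed to mirror the cases in the description.

```python
"""Allow-list attachment validation (added example, not Confluence's own code)."""
import re

# Allowed extension -> magic-byte prefixes the content must start with.
# Constructed policy for this example; extend it per deployment.
ALLOWED_TYPES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "pdf": [b"%PDF-"],
    "txt": [],  # no magic number; still subject to the active-content check
}

# Browser- or host-executable content that must never be stored, whatever the
# file name claims (covers the HTML-with-JavaScript and VBScript cases).
ACTIVE_CONTENT = re.compile(
    rb"<\s*(script|html|body|iframe|svg)\b|\bon\w+\s*=|"
    rb"\bcreateobject\s*\(|\bwscript\.|\bmsgbox\b",
    re.IGNORECASE | re.MULTILINE,
)


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Only the allow list decides what is accepted."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_TYPES:
        return False, f"extension '.{ext}' is not on the allow list"
    magics = ALLOWED_TYPES[ext]
    # The declared type must match the bytes actually uploaded.
    if magics and not any(data.startswith(m) for m in magics):
        return False, f"content does not match declared type .{ext}"
    # Inspect the head of the file for script/markup even on an allowed type.
    if ACTIVE_CONTENT.search(data[:4096]):
        return False, "active content (script or markup) found in attachment"
    return True, "accepted"


# Constructed sample uploads mirroring the report's cases.
SAMPLES = {
    "notes.vbs": b'Set sh = CreateObject("WScript.Shell")\r\nMsgBox "hi"',
    "page.html": b"<html><script>alert(1)</script></html>",
    "page.txt": b"<html><script>alert(1)</script></html>",  # HTML renamed to .txt
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "photo.jpg.png": b"\xff\xd8\xff" + b"\x00" * 16,  # JPEG bytes claiming .png
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, validate_upload(name, body))
```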