602LAN SUITE Log File Processing HTML Tag Obfuscation

2005-06-06T02:35:34
ID OSVDB:17129
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-06-06T02:35:34

Description

Vulnerability Description

602LAN SUITE contains a flaw that may allow remote manipulation of log data. The issue is triggered when a remote user submits an HTTP GET request for the string "</pre><!--". From that point, subsequent log entries will not be displayed when the administrator views the log file until the string " --><pre>" is encountered. This log manipulation can be used by a remote attacker to obfuscate records of other attack attempts, and will result in loss of log integrity for the service.

Administrators can still see the log entries by viewing the HTML source of the logs.

Solution Description

Upgrade to build 2004.0.05.0623 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

602LAN SUITE contains a flaw that may allow remote manipulation of log data. The issue is triggered when a remote user submits an HTTP GET request for the string "</pre><!--". From that point, subsequent log entries will not be displayed when the administrator views the log file until the string " --><pre>" is encountered. This log manipulation can be used by a remote attacker to obfuscate records of other attack attempts, and will result in loss of log integrity for the service.

Administrators can still see the log entries by viewing the HTML source of the logs.

References:

Vendor URL: http://www.software602.com/ Vendor URL: http://www.software602.com/download/ Vendor Specific News/Changelog Entry: http://support.software602.com/products/ls2004/releasenotes.asp Security Tracker: 1014105 Other Advisory URL: http://rgod.altervista.org/602_en.html CVE-2005-1909 Bugtraq ID: 13872