Astaro Security Linux Proxy index.fpl wfe_download Variable Traversal Arbitrary File Access

2005-08-25T04:05:26
ID OSVDB:19792
Type osvdb
Reporter Oliver Karow (Oliver.karow@gmx.de)
Modified 2005-08-25T04:05:26

Description

Vulnerability Description

Astaro Security Linux Proxy contains a flaw that allows a remote attacker to access files on the filesystem outside of the web path. The issue is due to "index.fpl" not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the "wfe_download" variable.

Technical Description

An attacker must supply valid authentication credentials in order to exploit this vulnerability.

Solution Description

Upgrade to version 6.0.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://<victim>/index.fpl?SID=1497553306006&id=0555&frameset=active&wfe_download=/../../etc/passwd&fname=MeinePasswd&mime_type=application%2foctet%2dstream
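As an added example (not part of the original advisory and not Astaro's code), the following log check finds requests of the shape shown above, where "wfe_download" resolves to a path containing a ".." segment. It assumes common/combined-format access logs; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: access logs use the common/combined format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so multiply-encoded values are normalized too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/")

def suspicious_requests(log_lines):
    """Return request targets that hit index.fpl with a traversing wfe_download."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.lower().endswith("/index.fpl"):
            continue
        # parse_qs decodes once; is_traversal() handles any further layers.
        params = parse_qs(target.query, keep_blank_values=True)
        if any(is_traversal(v) for v in params.get("wfe_download", [])):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - admin [25/Aug/2005:04:05:26 +0000] "GET /index.fpl?SID=1&id=0555&wfe_download=/../../etc/passwd&fname=x HTTP/1.1" 200 1432',
    '192.0.2.11 - admin [25/Aug/2005:04:06:00 +0000] "GET /index.fpl?SID=2&wfe_download=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1432',
    '192.0.2.12 - admin [25/Aug/2005:04:07:00 +0000] "GET /index.fpl?SID=3&wfe_download=/backup/config..2005.tar HTTP/1.1" 200 90211',
    '192.0.2.13 - - [25/Aug/2005:04:08:00 +0000] "GET /other.fpl?wfe_download=../../etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Matching on whole ".." path segments rather than the substring keeps file names such as "config..2005.tar" from being flagged.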

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0353.html
CVE-2005-2731