Subscribe Me Remote Command Execution

2003-12-18T04:48:19
ID OSVDB:3134
Type osvdb
Reporter OSVDB
Modified 2003-12-18T04:48:19

Description

Vulnerability Description

"Subscribe Me Pro" and "Subscribe ME Enterprise" contain a flaw that may allow a malicious user to execute arbitrary commands remotely. The issue is triggered when the setup.pl script is executed with carefully crafted arguments. It is possible that the flaw may allow arbitrary command execution, resulting in a loss of confidentiality, integrity, and/or availability.

Technical Description

The setup.pl script remains in the CGI-BIN directory after installation. This allows an attacker to execute this program through a remote web browser and pass it arbitrary data, allowing remote command execution.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing either of the following workarounds:

SOLUTION 1: Remove "setup.pl" and set read-only permissions for "config.pl".

SOLUTION 2: The vendor has reported that a customer may fix this issue by executing the following steps:

1) Open the "setup.pl" program in any text editor.

2) Find the following string:

if ($ready) { $

And replace it with

if ($ready) { &

3) Save the file, and upload it over the original.

As much of our more recently released software is obfuscated, for security purposes, simply searching for $sessioncheck; will not work. The above solution will work for all obfuscated program users. Unobfuscated program users can simply search for:

$sessioncheck;

And replace with

&sessioncheck;
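The vendor's one-character fix turns on a Perl detail: `$sessioncheck;` names a scalar variable that is evaluated and discarded, so no check ever runs, whereas `&sessioncheck;` calls a subroutine of that name. The following skeleton is an added illustration, not code from the product or from this advisory; the body of the session check, the SUBSCRIBE_SESSION token source and the `ready` argument are assumptions.

```perl
#!/usr/bin/perl
# Added illustration, not the vendor's setup.pl: shows why "$sessioncheck;"
# is a silent no-op while "&sessioncheck;" actually runs the check.
use warnings;

# Hypothetical session check (the real subroutine's body is not known to us):
# abort unless a valid administrative session token is presented.
sub sessioncheck {
    my $token = $ENV{'SUBSCRIBE_SESSION'} || '';      # assumed token source
    die "no valid administrative session\n"
        unless $token eq 'expected-session-token';    # placeholder value
}

sub run_setup { return "setup ran with caller-supplied arguments"; }

# BEFORE (vulnerable): "$sessioncheck" is a scalar variable, not the sub.
# It is evaluated in void context and thrown away (perl warns
# "Useless use of a variable in void context"), so setup always runs.
sub vulnerable_path {
    my $ready = shift;
    if ($ready) { $sessioncheck; return run_setup(); }
}

# AFTER (vendor fix): the leading '&' makes this a subroutine call, so
# sessioncheck() dies before run_setup() unless the session is valid.
sub fixed_path {
    my $ready = shift;
    if ($ready) { &sessioncheck; return run_setup(); }
}

# Exercise both paths with no session token set (an anonymous remote caller).
delete $ENV{'SUBSCRIBE_SESSION'};
print "vulnerable: ", vulnerable_path(1), "\n";          # setup runs anyway
my $result = eval { fixed_path(1) };
print "fixed:      ", (defined $result ? "$result\n" : "blocked: $@");
```

The same reasoning explains why the vendor's string to search for is `if ($ready) { $` rather than `$sessioncheck;` in obfuscated builds: the variable name may be mangled, but the stray `$` where a `&` call belongs is still there.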

Short Description

"Subscribe Me Pro" and "Subscribe ME Enterprise" contain a flaw that may allow a malicious user to execute arbitrary commands remotely. The issue is triggered when the setup.pl script is executed with carefully crafted arguments. It is possible that the flaw may allow arbitrary command execution, resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor URL: http://www.siteinteractive.com
Secunia Advisory ID: 10480
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-12/0287.html
Other Advisory URL: http://www.pimp-industries.com/pimp-0003.txt
ISS X-Force ID: 14058
Bugtraq ID: 9253