MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access

2002-02-01T00:00:00
ID OSVDB:823
Type osvdb
Reporter UkR-XblP?(cuctema@ok.ru)
Modified 2002-02-01T00:00:00

Description

Vulnerability Description

MRTG contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "mrtg.cgi" script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the "cfg" variable.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
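
With no patch listed, reviewing web server logs for this request pattern is one way to find out whether the script has been probed. The following is an added example, not part of the original advisory or of MRTG: it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Feb/2002:10:00:00 +0000] "GET /cgi-bin/mrtg.cgi?cfg=router.cfg HTTP/1.0" 200 5120
192.0.2.44 - - [01/Feb/2002:10:00:05 +0000] "GET /cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0" 200 1432
192.0.2.44 - - [01/Feb/2002:10:00:09 +0000] "GET /cgi-bin/mrtg.cgi?png=1&cfg=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1432
192.0.2.77 - - [01/Feb/2002:10:01:00 +0000] "GET /index.html?cfg=../x HTTP/1.0" 404 210
192.0.2.80 - - [01/Feb/2002:10:02:00 +0000] "GET /cgi-bin/mrtg.cgi?cfg=core..switch.cfg HTTP/1.0" 200 900
"""

# client address, request target and response status from one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def cfg_has_traversal(value):
    """True if any path segment of a cfg value is '..'."""
    # Decode once more to catch double-encoded input; treat '\' like '/'.
    v = unquote(value).replace("\\", "/")
    return ".." in v.split("/")

def find_mrtg_traversal(log_text):
    """Return (client, status, cfg) for each mrtg.cgi request whose cfg traverses."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/mrtg.cgi"):
            continue  # the flaw is specific to this script
        # parse_qs percent-decodes the query string once
        for cfg in parse_qs(url.query, keep_blank_values=True).get("cfg", []):
            if cfg_has_traversal(cfg):
                hits.append((client, int(status), cfg))
    return hits

if __name__ == "__main__":
    for client, status, cfg in find_mrtg_traversal(SAMPLE_LOG):
        # A 200 status on a hit means the response body should be reviewed.
        print(f"{client} status={status} cfg={cfg!r}")
```
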

References:

Vendor URL: http://www.mrtg.org/
Snort Signature ID: 1862
Related OSVDB ID: 4083
Related OSVDB ID: 4084
Related OSVDB ID: 4085
Nessus Plugin ID: 11001
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0399.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0407.html
Keyword: Directory Traversal
ISS X-Force ID: 8062
CVE-2002-0232
Bugtraq ID: 4017