Proventia Network Mail Security System Insecure Direct Object Reference

`  
Security Advisory: MVSA-10-008 / CVE-2010-0154  
Vendor: IBM   
Products: Proventia Network Mail Security System  
Vulnerabilities: Insecure Direct Object Reference  
Risk: Medium   
Attack Vector: From Remote   
Authentication: Required  
Reference: http://www.ventuneac.net/security-advisories/MVSA-10-008  
  
  
  
Description  
  
Web-based Local Management Interface (LMI) of IBM Proventia Network Mail Security System appliance (firmware 1.6) is vulnerable to an Insecure Direct Object Reference vulnerability. When exploited by an authenticated attacker, such vulnerability could lead to compromising the security of the appliance, allowing OS command execution, local file inclusion resulting in exposure of appliance configuration files, source code, etc.  
  
The affected resource is not part of the IBM PNMSS firmware 2.5.  
  
By manipulating the l parameter of /sla/index.php resource, an authenticated attacker can perform any of the above attacks.  
  
The following test case can be used to expose internal system configuration for PHP engine:   
  
url_placeholder/sla/index.php?l=/../../../../../../../../etc/php.ini  
  
  
Affected Versions  
  
IBM Proventia Network Mail Security System - virtual appliance (firmware 1.6)  
  
  
Mitigation  
  
Vendor recommends upgrading to PNMSS firmware 2.5 or later.  
Alternatively, please contact IBM for technical support.   
  
  
Disclosure Timeline  
  
2009, November 07: Vulnerabilities discovered and documented  
2009, November 08: Notification sent to IBM  
2009, November 09: IBM acknowledges receiving the report  
2010, September 12: MVSA-10-008 advisory published.  
  
  
Credits  
  
Dr. Marian Ventuneac  
http://ventuneac.net  
`