Symantec Web Gateway pbcontrol.php Command Injection

2012-08-24T00:00:00
ID SAINT:7F60D8553AB08CA5C7CFF8BABE158402
Type saint
Reporter SAINT Corporation
Modified 2012-08-24T00:00:00

Description

Added: 08/24/2012
CVE: CVE-2012-2953
BID: 54426
OSVDB: 84120

Background

Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.

Problem

Symantec Web Gateway 5.0.x.x before 5.0.3.18 is vulnerable to command injection due to spywall/pbcontrol.php failing to properly sanitize input passed via the filename parameter. This may allow a remote attacker to execute arbitrary shell commands.

Resolution

Upgrade to Symantec Web Gateway 5.0.3.18 or later with the Database Update 5.0.0.438 or later.

References

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00

Limitations

This exploit was tested against Symantec Web Gateway 5.0.0.216 on Fedora Project Fedora Core 3 with Exec-Shield Enabled.

Platforms

Linux