ALCASAR index.php Crafted HTTP host Header Vulnerability

ID SAINT:929AD6CB8BBD83537EBFC298804347BF
Type saint
Reporter SAINT Corporation
Modified 2014-09-16T00:00:00


Added: 09/16/2014
BID: 69662
OSVDB: 111026


ALCASAR is a free Network Access Controller that allows network managers to restrict Internet service access to authenticated users. ALCASAR allows control and logging of all network activity by users and/or defined user groups.


ALCASAR 2.8 and earlier are vulnerable to remote code execution by injecting the **exec()** function into the HTTP host header to gain access as the Apache user. By also exploiting the Apache user's sudoer capability with **openssl**, a remote attacker could leverage the origial vulnerability to gain root privileges.


ALCASAR 2.8.1 purportedly fixes the host header vulnerability.




Exploit works on ALCASAR 2.8.

The **MIME::Base64** module is required on the SAINTexploit host.

Exploit only results in Apache permissions, not root permissions.