RootSSV:3061Apple Mac OS X Server Wiki服务器目录遍历漏洞
0.011 Low
EPSS
Percentile
82.5%
BUGTRAQ ID: 28278
CVE(CAN) ID: CVE-2008-1000
Mac OS X Server也被称为Leopard Server,是苹果发布的集成了多种功能的服务器。
MacOS X Server中默认启用的python Web服务器Wiki Server受目录遍历攻击的影响,远程攻击者可能利用此漏洞控制服务器。
可以编辑wiki内容的用户可以上传文件替换wiki服务器可写入的内容,导致以wiki服务器的权限执行任意代码。以下是/usr/share/wikid/lib/python/apple_wlt/ContentServer.py文件中有漏洞的代码段:
/-----------
def uploadFileCallback(self, result):
filename, filetype, aFile = result[1][self.type][0]
filename = filename.decode(‘utf-8’)
filename = filename.split(‘\’)[-1] # IE sends the whole path,
including your local username.
extension = filename.split(‘.’)[-1]
oldFilename = filename
uploadType = os.path.split(self.fullpath)[-1]
if uploadType == "images":
filename = SettingsManager.findGoodName() + ‘.’ + extension
logging.debug("beginning file upload: %s" % filename)
isImage = filenameIsImage(filename)
newPath = ImageUtilities.findUniqueFileName(os.path.join(self.fullpath,
filename), isImage = (not uploadType == ‘attachments’))
newFilename = os.path.basename(newPath)
if uploadType == "attachments":
newParentFolder = os.path.dirname(newPath)
os.mkdir(newParentFolder)
newFilename = os.path.join(os.path.basename(newParentFolder), filename)
[…]
- -----------/
Apple MacOS X Server 10.5.2
Apple
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg” target=“_blank”>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg</a>
/-----------
POST http://192.168.xxx.xxx/users/guest/weblog/3f081/attachments HTTP/1.0
User-Agent: Opera/9.24 (Macintosh; Intel Mac OS X; U; en) Paros/3.2.13
Host:&nb
Related
