McAfee Firewall Reporter isValidClient Authentication Bypass Vulnerability

ID ZDI-11-117
Type zdi
Reporter Andrea Micalizzi aka rgod
Modified 2011-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Firewall Reporter. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the code responsible for authenticating users. The file contains code to validate sessions by parsing cookie values without sanitization. The faulty logic simply checks for the existence of a particular file, without verifying its contents. By using a directory traversal technique, an attacker can point the cgisess cookie value to an arbitrary file that exists on the server and thus bypass authentication.
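
The existence-only check described above, shown beside a hardened version, as an added example that is not McAfee's code. The function names, the session-store layout (cookie value used directly as a file name), the 32-hex-character ID format and the JSON session record are all assumptions made for illustration.

```python
import json
import os
import re
import tempfile
import time

SESSION_ID = re.compile(r"[0-9a-f]{32}")  # assumed ID format (not from the advisory)


def weak_is_valid(session_dir, cookie):
    # Flawed pattern: the cookie is used as a path and mere existence is trusted.
    return os.path.exists(os.path.join(session_dir, cookie))


def hardened_is_valid(session_dir, cookie):
    # 1. Allow-list the cookie so it cannot contain separators or dots.
    if not SESSION_ID.fullmatch(cookie):
        return False
    # 2. Confirm the resolved path is still directly inside the session store.
    base = os.path.realpath(session_dir)
    path = os.path.realpath(os.path.join(base, cookie))
    if os.path.dirname(path) != base or not os.path.isfile(path):
        return False
    # 3. Verify the contents: well-formed record, matching ID, not expired.
    try:
        with open(path, encoding="utf-8") as fh:
            record = json.load(fh)
        sid, expires = str(record["sid"]), float(record["expires"])
    except (OSError, ValueError, KeyError, TypeError):
        return False
    return sid == cookie and expires > time.time()


def demo():
    # Constructed layout: <root>/sessions holds session files, <root>/app.conf does not.
    with tempfile.TemporaryDirectory() as root:
        store = os.path.join(root, "sessions")
        os.mkdir(store)
        good, empty = "a" * 32, "b" * 32
        with open(os.path.join(store, good), "w", encoding="utf-8") as fh:
            json.dump({"sid": good, "expires": time.time() + 600}, fh)
        open(os.path.join(store, empty), "w").close()  # exists, but no valid record
        open(os.path.join(root, "app.conf"), "w").close()
        cookies = {"good": good, "empty": empty, "outside": os.path.join("..", "app.conf")}
        return {name: (weak_is_valid(store, c), hardened_is_valid(store, c))
                for name, c in cookies.items()}


if __name__ == "__main__":
    print(demo())
```

Each result pair is (weak, hardened): the weak check accepts all three cookies, while the hardened check accepts only the one backed by a valid, unexpired record inside the session store.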