CVE-1999-0913
CVSS10.0
发布时间 :1999-08-05 00:00:00
修订时间 :2016-10-17 21:59:53
NMCOES    

[原文]dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.


[CNNVD]Dragon-Fire IDS漏洞(CNNVD-199908-007)

        Dragon-Fire IDS的dfire.cgi脚本存在漏洞。远程用户可以通过shell元字符执行命令。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0913
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0913
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199908-007
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=93383593909438&w=2
(UNKNOWN)  BUGTRAQ  19990804 NSW Dragon Fire gets drowned
http://www.securityfocus.com/bid/564
(UNKNOWN)  BID  564

- 漏洞信息

Dragon-Fire IDS漏洞
危急 未知
1999-08-05 00:00:00 2005-10-20 00:00:00
远程※本地  
        Dragon-Fire IDS的dfire.cgi脚本存在漏洞。远程用户可以通过shell元字符执行命令。

- 公告与补丁

        NSW issued an immediate fix to its user community via a customer security bulletin. The fix instructions here are taken from this bulletin.
        If you have Dragon-Fire exposed to the Internet, please modify it
        now and take the steps outlined here to patch it.
        1] Open dfire.cgi with vi.
        2] Goto to line 215 with a ':215' command
        3] The line should read:
        $command = $command . '-f ' . $db . $input{'database'} .
        '/dragon.db';
        It may be slightly off if you have modified the dfire.cgi script.
        4] Below that line please add the following two lines:
        $AOK = '-a-zA-Z0-9_.+:/';
         $command =~ s/[^$AOK]/ /go;
        5] Verify that the new Dragon-Fire works by performing a few queries

- 漏洞信息 (19444)

Network Security Wizards Dragon-Fire IDS 1.0 Vulnerability (EDBID:19444)
hardware remote
1999-08-05 Verified
0 Stefan Lauda
N/A [点击下载]
source: http://www.securityfocus.com/bid/564/info

The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire. 

Via the web interface for Dragon-Fire inside the IPONE field type your desired command prefaced with a | an example could be:

|echo 'uname -a'

The output of the command will then be displayed in the right hand window of the IDS WWW interface.

		

- 漏洞信息

47
Dragon Fire IDS dfire.cgi Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

Dragon Fire IDS web interface may allow a remote attacker to execute arbitrary commands on the IDS host. The issue is due to the dfire.cgi script not properly sanitizing input to the "IP One" option. If an attacker provides a pipe (|) and arbitrary commands, it will be run with privilegs of the web script.

- 时间线

1999-08-04 Unknow
1999-08-04 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Enterasys has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Dragon-Fire IDS Vulnerability
Unknown 564
Yes Yes
1999-08-05 12:00:00 2009-07-11 12:56:00
This vulnerability was posted to the Bugtraq mailing list by Stefan Laudat Wed Aug 04 1999.

- 受影响的程序版本

Network Security Wizards Dragon-Fire IDS 1.0

- 漏洞讨论

The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire.

- 漏洞利用

Via the web interface for Dragon-Fire inside the IPONE field type your desired command prefaced with a | an example could be:

|echo 'uname -a'

The output of the command will then be displayed in the right hand window of the IDS WWW interface.

- 解决方案

NSW issued an immediate fix to its user community via a customer security bulletin. The fix instructions here are taken from this bulletin.

If you have Dragon-Fire exposed to the Internet, please modify it
now and take the steps outlined here to patch it.

1] Open dfire.cgi with vi.

2] Goto to line 215 with a ':215' command

3] The line should read:

$command = $command . '-f ' . $db . $input{'database'} .
'/dragon.db';

It may be slightly off if you have modified the dfire.cgi script.

4] Below that line please add the following two lines:

$AOK = '-a-zA-Z0-9_.+:/';
$command =~ s/[^$AOK]/ /go;

5] Verify that the new Dragon-Fire works by performing a few queries

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站