CVE-2001-0076
CVSS 10.0
Published: 2001-02-12 00:00:00
Last revised: 2008-09-05 16:23:12

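[Original text] register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed.

[CNNVD] ikonboard arbitrary command execution vulnerability (CNNVD-200102-070)

        register.cgi in Ikonboard 2.1.7b and earlier contains a vulnerability. A remote attacker can execute arbitrary commands via the SEND_MAIL parameter; the vulnerability overwrites an internal program variable that references a program to be executed.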

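- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may bring the system down completely]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found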

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0076
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0076
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200102-070
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/2157
(VENDOR_ADVISORY)  BID  2157
http://archives.neohapsis.com/archives/bugtraq/2000-12/0483.html
(VENDOR_ADVISORY)  BUGTRAQ  20001228 Remote vulnerability in Ikonboard upto version 2.1.7b
http://xforce.iss.net/static/5819.php
(UNKNOWN)  XF  http-cgi-ikonboard

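- Vulnerability information

ikonboard arbitrary command execution vulnerability
Critical    Input validation
2001-02-12 00:00:00 2005-10-20 00:00:00
Local
        register.cgi in Ikonboard 2.1.7b and earlier contains a vulnerability. A remote attacker can execute arbitrary commands via the SEND_MAIL parameter; the vulnerability overwrites an internal program variable that references a program to be executed.

- Advisories and patches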

        This code was sent by Gijs Hollestelle and is reportedly the official vendor fix to the problem code:
        From register.cgi:
            # Every request parameter is copied into a global variable of the same name.
            @params = $query->param;
            foreach $param (@params) {
                $theparam = $query->param($param);
                $theparam = &unHTML("$theparam");
                ${$param} = $theparam;    # symbolic reference: the request chooses the variable
            }
        Replace with:
            # Only the named registration fields are copied into variables.
            for ('inmembername','password','emailaddress',
                 'showemail','homepage','aolname','icqnumber','location','interests',
                 'signature','timedifference','useravatar','action') {
                next unless defined $_;
                next if $_ eq 'SEND_MAIL';
                $tp = $query->param($_);
                $tp = &unHTML("$tp");
                ${$_} = $tp;
            }

- Vulnerability information

6326
Ikonboard register.cgi SEND_MAIL Variable Arbitrary Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

Ikonboard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to insufficient checking of user-supplied input in the register.cgi script. It is possible that the flaw may allow a remote attacker to use the $SEND_MAIL variable in a URL and execute arbitrary commands with the privileges of the web server, resulting in a loss of integrity.

- Timeline

2000-12-28 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.1.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

ikonboard Arbitrary Command Execution Vulnerability
Input Validation Error 2157
No Yes
2000-12-28 12:00:00 2009-07-11 04:46:00
This vulnerability was announced by Gijs Hollestelle <gijs@gewis.win.tue.nl> on December 28, 2000.

- Affected software versions

Ikonboard.com ikonboard 2.1.7 b
- BSDI BSD/OS 4.0.1
- Conectiva Linux 6.0
- Debian Linux 2.2
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- FreeBSD FreeBSD 4.2
- HP HP-UX 11.11
- IBM AIX 4.3.3
- Mandriva Linux Mandrake 7.2
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- NetBSD NetBSD 1.4.3
- OpenBSD OpenBSD 2.8
- RedHat Linux 7.0
- S.u.S.E. Linux 7.0
- SCO eServer 2.3
- Sun Solaris 8_sparc

- Vulnerability discussion

ikonboard is a forum management software package available from ikonboard.com. A problem exists which could allow users access to restricted resources.

The problem occurs in the operation of the register.cgi script. Due to insufficient checking of input, it is possible to execute system binaries as the effective userid of the web server process. By setting the $SEND_MAIL variable in the URL, it is possible to specify the binary to execute as the httpd userid, and then register to execute the program. This design flaw makes it possible for a user with malicious intent to gain local access to a system running ikonboard.
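
The variable overwrite described above, reproduced offline as an added example (not Ikonboard code and not part of the original advisory). The %request hash, the mailer path and both sub names are assumptions made for illustration, and the unHTML escaping step is left out. The hardened sub goes one step beyond the vendor fix on this page by storing fields in a lexical hash instead of named variables.

```perl
#!/usr/bin/perl
# Added illustration, not Ikonboard code. Nothing is executed.
use strict;
use warnings;

# Assumed stand-in for the script's internal mailer path.
our $SEND_MAIL = '/usr/lib/sendmail';

# Constructed sample request; %request stands in for $query->param.
my %request = (
    inmembername => 'alice',
    emailaddress => 'alice@example.org',
    SEND_MAIL    => '/tmp/constructed-value',  # not a registration field
);

# Fields the registration form defines (list from the vendor fix on this page).
my @ALLOWED = qw(inmembername password emailaddress showemail homepage
                 aolname icqnumber location interests signature
                 timedifference useravatar action);

# Original pattern: every parameter name becomes a package variable
# through a symbolic reference, so a request can set any global.
sub import_all {
    my (%in) = @_;
    no strict 'refs';
    ${"main::$_"} = $in{$_} for keys %in;
    return $SEND_MAIL;
}

# Hardened pattern: copy only expected fields into a lexical hash, so
# request data never reaches the symbol table.
sub import_allowed {
    my (%in) = @_;
    my %form;
    for my $name (@ALLOWED) {
        $form{$name} = $in{$name} if defined $in{$name};
    }
    return \%form;
}

my $form = import_allowed(%request);
printf "allowlist : SEND_MAIL=%s fields=%s\n",
    $SEND_MAIL, join(',', sort keys %$form);
printf "import all: SEND_MAIL=%s\n", import_all(%request);
```

The first line printed shows the mailer path unchanged after the allowlist copy; the second shows it replaced by the request value once every parameter is imported.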

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

This code was sent by Gijs Hollestelle <gijs@gewis.win.tue.nl> and is reportedly the official vendor fix to the problem code:

From register.cgi:

    @params = $query->param;
    foreach $param (@params) {
        $theparam = $query->param($param);
        $theparam = &unHTML("$theparam");
        ${$param} = $theparam;
    }

Replace with:

    for ('inmembername','password','emailaddress',
         'showemail','homepage','aolname','icqnumber','location','interests',
         'signature','timedifference','useravatar','action') {
        next unless defined $_;
        next if $_ eq 'SEND_MAIL';
        $tp = $query->param($_);
        $tp = &unHTML("$tp");
        ${$_} = $tp;
    }

- Related references
