CVE-2001-0436
CVSS 7.5
Published: 2001-07-02 00:00:00
Last revised: 2008-09-05 16:24:06

[Original] dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.


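[CNNVD] DCForum 'AZ' Field Remote Command Execution Vulnerability (CNNVD-200107-005)

dcboard.cgi in DCForum 2000 version 1.0 contains a vulnerability. A remote attacker can execute arbitrary commands by uploading a Perl program to the server and using .. (dot dot) in the AZ parameter to reference the program.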

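- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]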

- CPE (affected platforms and products)

cpe:/a:dcscripts:dcforum:1.0
cpe:/a:dcscripts:dcforum_2000:1.0
cpe:/a:dcscripts:dcforum:6.0
cpe:/a:dcscripts:dcforum:5.0
cpe:/a:dcscripts:dcforum:4.0
cpe:/a:dcscripts:dcforum:2.0
cpe:/a:dcscripts:dcforum:3.0

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0436
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0436
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200107-005
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/2611
(VENDOR_ADVISORY)  BID  2611
http://www.dcscripts.com/FAQ/sec_2001_03_31.html
(PATCH)  CONFIRM  http://www.dcscripts.com/FAQ/sec_2001_03_31.html
http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
(VENDOR_ADVISORY)  BUGTRAQ  20010416 qDefense Advisory: DCForum allows remote read/write/execute
http://xforce.iss.net/static/6392.php
(UNKNOWN)  XF  dcforum-az-expr(6392)
http://www.osvdb.org/3862
(UNKNOWN)  OSVDB  3862

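- Vulnerability information

DCForum 'AZ' Field Remote Command Execution Vulnerability
High risk  Input validation
2001-07-02 00:00:00 2005-10-20 00:00:00
Remote
dcboard.cgi in DCForum 2000 version 1.0 contains a vulnerability. A remote attacker can execute arbitrary commands by uploading a Perl program to the server and using .. (dot dot) in the AZ parameter to reference the program.

- Advisories and patches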

        Excerpted from Baba :
        ---
        Apparently the DCForum bug was discovered in an internal security audit, and patches were sent out to all licensed users on 30-31 March 2001 ... .
        The patch is available from:
        http://www.dcscripts.com/FAQ/sec_2001_03_31.html
        --

- Vulnerability information

3862
DCForum dcboard.cgi AZ Field Traversal Arbitrary File Upload
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

DCForum contains a flaw that allows a remote attacker to upload arbitrary files to the server. The issue is due to improper sanity checking on the "az=" hidden field. By changing it to "az=upload_file", an attacker can specify arbitrary files to be uploaded.

- Timeline

2003-03-31 Unknown
2001-04-16 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, DCScripts.com has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

DCForum 'AZ' Field Remote Command Execution Vulnerability
Input Validation Error 2611
Yes No
2001-04-17 12:00:00 2009-07-11 06:06:00
Reported to bugtraq by Franklin DeMatto <franklin@qDefense.com> on 17 Apr 2001

- Affected software versions

DC Scripts DCForum 2000 1.0
DC Scripts DCForum 6.0
DC Scripts DCForum 5.0
DC Scripts DCForum 4.0
DC Scripts DCForum 3.0
DC Scripts DCForum 2.0
DC Scripts DCForum 1.0

- Vulnerability discussion

DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums.

All versions of DCForum are vulnerable to remote execution of arbitrary commands.

DCForum fails to properly validate user-supplied input to the script. By inserting shell commands in submitted querystrings, an attacker can cause the script to open and parse commands in an external file on the target system.

By supplying a long path (containing '/../' sequences) an attacker can force the script to open a file from arbitrary locations on the filesystem. Commands in this file will be executed with the privilege level of the webserver - usually 'nobody'.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Excerpted from Baba <baba@catbaba.com>:

---
Apparently the DCForum bug was discovered in an internal security audit, and patches were sent out to all licensed users on 30-31 March 2001 ... .

The patch is available from: http://www.dcscripts.com/FAQ/sec_2001_03_31.html
--

- Related references
