CVE-2002-0837
CVSS7.5
发布时间 :2002-10-04 00:00:00
修订时间 :2016-10-17 22:22:23
NMCOS    

[原文]wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.


[CNNVD]wordtrans-web远程命令执行和跨站脚本执行漏洞(CNNVD-200210-102)

        
        wordtrans-web是一款基于WEB的多语言字典查询工具,可使用在Linux和其他多种Unix操作系统下。
        wordtrans-web对用户提交的输入缺少过滤,远程攻击者可以利用这个漏洞进行跨站脚本攻击和以WEB进程权限在系统上执行任意命令。
        wordtrans-web中的wordtrans.php脚本对用户提交的查询参数缺少过滤,远程攻击者可以提交包含恶意脚本代码或者使用元字符的任意系统命令的数据作为查询参数,提交给wordtrans.php脚本解析,可导致以WEB进程权限在系统上执行任意命令,或者获得其他用户基于Cookie认证的信息。
        RedHat Linux管理员可以通过如下命令验证是否安装这个包:
        rpm -qi wordtrans-web
        Guardent提供如下SNORT特征串可帮助用户检测:
        alert tcp $EXTERNAL_NET any -> $WEB_SERVERS 80 (msg:"WEB-MISC wordtrans-web access"; flags:A+; uricontent:"/wordtrans.php"; nocase; classtype:attempted-recon; sid:1082322; rev:1;)
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:wordtrans:wordtrans-web:1.0_beta2.2.4
cpe:/a:wordtrans:wordtrans-web:1.1_pre8

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0837
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0837
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-102
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=103158607631137&w=2
(UNKNOWN)  BUGTRAQ  20020908 Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities
http://rhn.redhat.com/errata/RHSA-2002-188.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:188
http://www.guardent.com/comp_news_wordtrans-web.html#
(UNKNOWN)  MISC  http://www.guardent.com/comp_news_wordtrans-web.html#
http://www.iss.net/security_center/static/10059.php
(VENDOR_ADVISORY)  XF  wordtrans-web-php-xss(10059)
http://www.iss.net/security_center/static/10063.php
(UNKNOWN)  XF  wordtrans-web-code-execution(10063)
http://www.securityfocus.com/bid/5671
(VENDOR_ADVISORY)  BID  5671
http://www.securityfocus.com/bid/5674
(VENDOR_ADVISORY)  BID  5674

- 漏洞信息

wordtrans-web远程命令执行和跨站脚本执行漏洞
高危 输入验证
2002-10-04 00:00:00 2005-10-20 00:00:00
远程  
        
        wordtrans-web是一款基于WEB的多语言字典查询工具,可使用在Linux和其他多种Unix操作系统下。
        wordtrans-web对用户提交的输入缺少过滤,远程攻击者可以利用这个漏洞进行跨站脚本攻击和以WEB进程权限在系统上执行任意命令。
        wordtrans-web中的wordtrans.php脚本对用户提交的查询参数缺少过滤,远程攻击者可以提交包含恶意脚本代码或者使用元字符的任意系统命令的数据作为查询参数,提交给wordtrans.php脚本解析,可导致以WEB进程权限在系统上执行任意命令,或者获得其他用户基于Cookie认证的信息。
        RedHat Linux管理员可以通过如下命令验证是否安装这个包:
        rpm -qi wordtrans-web
        Guardent提供如下SNORT特征串可帮助用户检测:
        alert tcp $EXTERNAL_NET any -> $WEB_SERVERS 80 (msg:"WEB-MISC wordtrans-web access"; flags:A+; uricontent:"/wordtrans.php"; nocase; classtype:attempted-recon; sid:1082322; rev:1;)
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * Guardent提供如下第三方临时解决方案:
        下面是wordtrans-1.1pre8.php的补丁:
        *** wordtrans-1.1pre8.php.old
        - --- wordtrans-1.1pre8.php
        ***************
        *** 15,20 ****
        - --- 15,21 ----
        
         <br/>         <? <br/>        + $dict=ereg_replace("[^[:alnum:]-]","",$dict); <br/>         if ($word == "") { <br/>         if ($lang == "es") <br/>         echo "Interfaz Web de Wordtrans"; <br/>         <br/>        下面是wordtrans-1.1pre9.php补丁: <br/>        *** wordtrans-1.1pre9.php.old <br/>        - --- wordtrans-1.1pre9.php <br/>        *************** <br/>        *** 20,25 **** <br/>        - --- 20,26 ---- <br/>         <head> <br/>         <title> <br/>         <? <br/>        + $dict=ereg_replace("[^[:alnum:]-]","",$dict); <br/>         if ($word == "") { <br/>         if ($lang == "es") <br/>         echo "Interfaz Web de Wordtrans";<br/>        厂商补丁:<br/>        Debian<br/>        ------<br/>        Debian用户可以通过在如下站点下载wordtrans-web 1.0beta2-2.5版本: <br/>        <a href="<br/>        http://packages.debian.org/wordtrans-web" target="_blank"><br/>        http://packages.debian.org/wordtrans-web</a><br/>        RedHat<br/>        ------<br/>        RedHat已经为此发布了一个安全公告(RHSA-2002:188-08)以及相应补丁: <br/>        RHSA-2002:188-08:New wordtrans packages fix remote vulnerabilities <br/>        链接:<a href="https://www.redhat.com/support/errata/RHSA-2002-188.html" target="_blank">https://www.redhat.com/support/errata/RHSA-2002-188.html</a> <br/>        Red Hat网络用户可以通过使用'up2date'工具升级系统。 </td> </tr> </table> </div> <div id="osvdb"> <style type="text/css"> tr td label { width: 80px; float: left; font-weight: bold; } </style> <h2 onclick="pm('info_osvdb')"> <span id="pm_info_osvdb" class="pm">-</span> 漏洞信息 </h2> <table width="90%" border="0" align="center" id="info_osvdb"> <tr> <td colspan="2"><label>OSVDBID:</label> <a href="http://osvdb.org/show/osvdb/14441" target="_blank">14441</a></td> </tr> <tr> <td colspan="2"> <label>漏洞名称:</label>wordtrans wordtrans.php dict Parameter Arbitrary Command Execution</td> </tr> <tr> <td width="13%"><label>漏洞位置:</label> Remote / Network Access</td> <td width="20%"><label>利用方式:</label> </a></td> </tr> <tr> <td><label>漏洞影响:</label></td> <td><label>解决方式:</label> </td> </tr> <tr> <td><label>漏洞利用:</label></td> <td><label>公开方式:</label> </td> </tr> </table> <h2 onclick="pm('info_discription')"> <span id="pm_info_discription" class="pm">-</span> 漏洞描述 </h2> <table width="90%" border="0" align="center" id="info_discription"> <tr> <td><p>Unknown or Incomplete</p></td> </tr> </table> <h2 onclick="pm('info_time')"> <span id="pm_info_time" class="pm">-</span> 时间线 </h2> <table width="90%" border="0" align="center" id="info_time"> <tr> <td width="13%"><label>公开日期:</label> 2002-09-08</td> <td width="20%"><label>发现日期:</label> Unknow</a></td> </tr> <tr> <td><label>利用日期:</label>Unknow</td> <td><label>解决日期:</label>Unknow </td> </tr> </table> <h2 onclick="pm('info_solution')"> <span id="pm_info_solution" class="pm">-</span> 解决方案 </h2> <table width="90%" border="0" align="center" id="info_solution"> <tr> <td><p>Unknown or Incomplete</p></td> </tr> </table> <h2 onclick="pm('info_ref')"> <span id="pm_info_ref" class="pm">-</span> 相关参考 </h2> <table width="90%" border="0" align="center" id="info_ref"> <tr> <td colspan="2"><ul> <li>ISS X-Force ID: <a href="http://xforce.iss.net/xforce/xfdb/10059" target="_blank">10059</a> </li> <li>Related OSVDB ID: <a href="/show/osvdb/14442" target="_blank">14442</a> </li> <li>CVE ID: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0837" target="_blank">2002-0837</a> (see also: <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0837" target="_blank">NVD</a>) </li> <li>Bugtraq ID: <a href="http://www.securityfocus.com/bid/5674" target="_blank">5674</a> </li> <li>Mail List Post: <a href="http://marc.theaimsgroup.com/?l=bugtraq&m=103158607631137&w=2" target="_blank">http://marc.theaimsgroup.com/?l=bugtraq&m=103158607631137&w=2</a> </li> </ul></td> </tr> </table> <h2 onclick="pm('info_author')"> <span id="pm_info_author" class="pm">-</span> 漏洞作者 </h2> <table width="90%" border="0" align="center" id="info_author"> <tr> <td colspan="2">Unknown or Incomplete</td> </tr> </table> </div> <div id="securityfocus"> <style type="text/css"> tr td label { width: 80px; float: left; font-weight: bold; } </style> <h2 onclick="pm('info_sf')"> <span id="pm_info_sf" class="pm">-</span> 漏洞信息 </h2> <table width="90%" border="0" align="center" id="info_sf"> <tr> <td colspan="2"> <label>漏洞名称:</label>Wordtrans-web Remote Command Execution Vulnerability</td> </tr> <tr> <td width="13%"><label>漏洞分类:</label> Input Validation Error</td> <td width="20%"><label>BugtraqID:</label> <a href="http://www.securityfocus.com/bid/5671/" target="_blank">5671</a></td> </tr> <tr> <td><label>远程溢出:</label>Yes</td> <td><label>本地溢出:</label>No </td> </tr> <tr> <td><label>发布日期:</label>2002-09-09 12:00:00</td> <td><label>更新日期:</label>2009-07-12 05:56:00 </td> </tr> <tr> <td colspan="2"><label>漏洞作者:</label> Discovery credited to Allen Wilson of Guardent, Inc.</td> </tr> </table> <h2 onclick="pm('info_ver1')"> <span id="pm_info_ver1" class="pm">-</span> 受影响的程序版本 </h2> <table width="90%" border="0" align="center" id="info_ver1"> <tr> <td>Wordtrans Wordtrans-web 1.1 pre8<br/> <span class="related"> + RedHat Linux 7.3 i386<br/> </span> Wordtrans Wordtrans-web 1.0 beta-2-2.4<br/> <span class="related"> - Debian Linux 3.0 <br/> </span> Wordtrans Wordtrans-web 1.1 pre9<br/> Wordtrans Wordtrans-web 1.1 pre10<br/></td> </tr> </table> <h2 onclick="pm('info_ver2')"> <span id="pm_info_ver2" class="pm">-</span> 不受影响的程序版本 </h2> <table width="90%" border="0" align="center" id="info_ver2"> <tr> <td>Wordtrans Wordtrans-web 1.1 pre9<br/> Wordtrans Wordtrans-web 1.1 pre10<br/></td> </tr> </table> <h2 onclick="pm('info_discuss')"> <span id="pm_info_discuss" class="pm">-</span> 漏洞讨论 </h2> <table width="90%" border="0" align="center" id="info_discuss"> <tr> <td>The Wordtrans-web interface does not properly validate input parameters. This could allow execution of commands which will be executed by the Wordtrans binary.</td> </tr> </table> <h2 onclick="pm('info_exploit')"> <span id="pm_info_exploit" class="pm">-</span> 漏洞利用 </h2> <table width="90%" border="0" align="center" id="info_exploit"> <tr> <td> Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;. <ul> </ul></td> </tr> </table> <h2 onclick="pm('info_solution')"> <span id="pm_info_solution" class="pm">-</span> 解决方案 </h2> <table width="90%" border="0" align="center" id="info_solution"> <tr> <td> Fixed packages are available:<br/><br/> <br/> Wordtrans Wordtrans-web 1.0 beta-2-2.4<br/> <ul> <li> Debian wordtrans-web 1.0beta2-2.4<br/> <a href="http://packages.debian.org/unstable/text/wordtrans-web.html">http://packages.debian.org/unstable/text/wordtrans-web.html</a></li><br/> </ul> <br/> Wordtrans Wordtrans-web 1.1 pre8<br/> <ul> <li> RedHat wordtrans-1.1pre8-11.i386.rpm<br/> <a href="ftp://updates.redhat.com/7.3/en/os/i386/wordtrans-1.1pre8-11.i386.rpm">ftp://updates.redhat.com/7.3/en/os/i386/wordtrans-1.1pre8-11.i386.rpm</a></li><br/> <li> RedHat wordtrans-1.1pre8-11.src.rpm<br/> <a href="ftp://updates.redhat.com/7.3/en/os/SRPMS/wordtrans-1.1pre8-11.src.rpm">ftp://updates.redhat.com/7.3/en/os/SRPMS/wordtrans-1.1pre8-11.src.rpm</a></li><br/> <li> RedHat wordtrans-kde-1.1pre8-11.i386.rpm<br/> <a href="ftp://updates.redhat.com/7.3/en/os/i386/wordtrans-kde-1.1pre8-11.i386.rpm">ftp://updates.redhat.com/7.3/en/os/i386/wordtrans-kde-1.1pre8-11.i386. rpm</a></li><br/> <li> RedHat wordtrans-qt-1.1pre8-11.i386.rpm<br/> <a href="ftp://updates.redhat.com/7.3/en/os/i386/wordtrans-qt-1.1pre8-11.i386.rpm">ftp://updates.redhat.com/7.3/en/os/i386/wordtrans-qt-1.1pre8-11.i386.r pm</a></li><br/> <li> RedHat wordtrans-web-1.1pre8-11.i386.rpm<br/> <a href="ftp://updates.redhat.com/7.3/en/os/i386/wordtrans-web-1.1pre8-11.i386.rpm">ftp://updates.redhat.com/7.3/en/os/i386/wordtrans-web-1.1pre8-11.i386. rpm</a></li><br/> </ul></td> </tr> </table> <h2 onclick="pm('info_ref')"> <span id="pm_info_ref" class="pm">-</span> 相关参考 </h2> <table width="90%" border="0" align="center" id="info_ref"> <tr> <td colspan="2"> <ul></ul></td> </tr> </table> </div> </div> </div> </div> <script type="text/javascript"> SyntaxHighlighter.all() </script> <table width="350px" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td align="center"> <!-- Baidu Button BEGIN --> <div id="bdshare" class="bdshare_t bds_tools_32 get-codes-bdshare"> <a class="bds_tsina"></a> <a class="bds_tqq"></a> <a class="bds_renren"></a> <a class="bds_t163"></a> <a class="bds_fx"></a> <a class="bds_baidu"></a> <span class="bds_more"></span> <a class="shareCount"></a> </div> <script type="text/javascript" id="bdshare_js" data="type=tools&uid=5376177" ></script> <script type="text/javascript" id="bdshell_js"></script> <script type="text/javascript"> var bds_config = {'bdText':'CVE-2002-0837 wordtrans-web远程命令执行和跨站脚本执行漏洞 - SCAP中文社区'}; document.getElementById("bdshell_js").src = "http://bdimg.share.baidu.com/static/js/shell_v2.js?cdnversion=" + Math.ceil(new Date()/3600000) </script> <!-- Baidu Button END --> </td> </tr> <tr> <td> </td> </tr> </table> <table width="90%" border="0" align="center"> <tr> <td> <!-- Duoshuo Comment BEGIN --> <div class="ds-thread"></div> <script type="text/javascript"> var duoshuoQuery = {short_name:"scap"}; (function() { var ds = document.createElement('script'); ds.type = 'text/javascript';ds.async = true; ds.src = 'http://static.duoshuo.com/embed.js'; ds.charset = 'UTF-8'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(ds); })(); </script> <!-- Duoshuo Comment END --> </td> </tr> </table> <p> </p> <!-- InstanceEndEditable --> </td> <td valign="top" class="sidebar"> <!-- InstanceBeginEditable name="Menus" --> <div class="gadget"> <h2>CVE数据库</h2> <div class="clr"></div> <ul class="sb_menu"> <li><a href="cve_search.html">CVE高级检索</a></li> <li><a href="cve_list.php?action=recent">最新CVE列表</a></li> </ul> </div> <div class="gadget"> <input name="log" type="hidden" value="1" /> <h2>检索CVE</h2> <input name="cveid" type="text" class="searchbox" id="cveid" placeholder="输入关键字或CVE标识" size="23" title="请按照CVE-2013-0707、20130707的格式输入查看CVE,或者输入关键字检索。"/> <br /> <input type="button" name="submit2" id="submit2" src="static/images/submit.gif" class="send" value="查看/检索CVE" onclick="viewcve()"/> <br /> </form> </div> <div class="gadget"> <h2>关于CVE</h2> <div class="clr"></div> <ul class="sb_menu"> <li><a href="article_cve_about-cve.html">CVE标准概述</a></li> <li><a href="article_cve_architecture-cve.html">CVE标准架构</a></li> </ul> </div> <div class="gadget"> <h2>CVE资源</h2> <div class="clr"></div> <ul class="sb_menu"> <li><a href="cve_articles.html">CVE文章列表</a></li> <li><a href="article_cve_resources-cve.html">CVE资源列表</a></li> </ul> </div> <script> $("#cveid").keyup(function(){ if(event.keyCode == 13){ viewcve(); } }); </script> <!-- InstanceEndEditable --> <div class="gadget"> <h2>Wise Words</h2> <div class="clr"></div> <p class="wisewords"><img src="static/images/test_1.gif" alt="image" width="20" height="19" /> 生活只有在平淡无味的人看来才是空虚而平淡无味的。<img src="static/images/test_2.gif" alt="image" width="20" height="19" /></p> <p class="wisewords_author">-- 车尔尼雪夫斯基 </p> </div> </td> <div class="clr"></div> </tr> </table> <div style="height:5px"></div> <table border="0" cellspacing="0" cellpadding="0" class="fbg_resize"> <tr> <td width="320" valign="top"><h2><span>关于SCAP</span>中文社区</h2> SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[<a href="about.html">关于本站]</a>。</td> <td width="320" valign="top"><h2><span>版权声明</span></h2> CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在<a href="http://measurablesecurity.mitre.org" target="_blank">MITRE公司的相关网站</a>。</td> <td width="320" valign="top"><wb:follow-button uid="1418901063" type="red_4" width="300" height="64" ></wb:follow-button></td> </tr> </table> <div style="height:5px"></div> <div style="width:auto;background-color:#000"> <table border="0" cellspacing="0" cellpadding="0" class="footer"> <tr> <td width="250" nowrap="nowrap"><span style="color:#FFF">© Copyright 2014 <a href="http://weibo.com/u/1418901063" target="_blank">@evan-css</a>. CCERT.</span><p> <span style="color:#FFF">京ICP备14000297号-2</span></p></td> <td width="800" valign="top"><ul class="ul_friends"><li class="li_friends"><a href="http://www.youxia.org/" target="_blank">游侠安全网</a></li><li class="li_friends"><a href="http://www.freebuf.com/" target="_blank">FreebuF.com</a></li><li class="li_friends"><a href="http://www.seckungfu.com/" target="_blank">安全功夫</a></li><li class="li_friends"><a href="http://bobylive.com/" target="_blank">Firefly风物</a></li><li class="li_friends"><a href="http://sebug.net/" target="_blank">Sebug漏洞库</a></li><li class="li_friends"><a href="http://www.cn-hack.net/" target="_blank">黑客榜中榜</a></li><li class="li_friends"><a href="http://www.nxadmin.com/" target="_blank">阿德马web安全</a></li><li class="li_friends"><a href="http://www.duusu.com/" target="_blank">独速</a></li><li class="li_friends"><a href="http://web2hack.org/" target="_blank">web2hack</a></li><li class="li_friends"><a href="http://www.dadan.org/" target="_blank">大胆's BLOG</a></li><li class="li_friends"><a href="http://www.cnnetsec.com/" target="_blank">InfoSecLab</a></li><li class="li_friends"><a href="http://www.91ri.org" target="_blank">安全攻防实验室</a></li><li class="li_friends"><a href="http://www.pediy.com/" target="_blank">看雪学院</a></li><li class="li_friends"><a href="http://sec-wiki.com" target="_blank">SecWiki</a></li><li class="li_friends"><a href="http://www.cnhack.com.cn/" target="_blank">黑客中文网</a></li><li class="li_friends"><a href="http://www.idaofeng.com/" target="_blank">刀锋安全</a></li><li class="li_friends"><a href="http://sec007.cc/" target="_blank">安全凌凌柒</a></li><li class="li_friends"><a href="http://www.rptcinfo.com" target="_blank">瑞鹏天乘科技</a></li><li class="li_friends"><a href="http://www.bugsec.org/" target="_blank">BugSec</a></li><li class="li_friends"><a href="http://www.1937cn.com/forum.php" target="_blank">中国网军公盟</a></li><li class="li_friends"><a href="http://www.ourlove520.com" target="_blank">IT学习网</a></li><li class="li_friends"><a href="http://edu.gooann.com/" target="_blank">谷安网校</a></li><li class="li_friends"><a href="http://www.metasploit.cn/" target="_blank">渗透测试</a></li><li class="li_friends"><a href="http://www.hdhacker.com/" target="_blank">黑盾科技论坛</a></li><li class="li_friends"><a href="#" title="请在微博私信或发邮件至langkew@gmail.com申请">您的位置...</a></li></ul></td> </tr> </table> </div> <div style="display:none"> <script type="text/javascript"> var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://"); document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fca227db14814d01f2e44f01433e48552' type='text/javascript'%3E%3C/script%3E")); </script> </div> <!-- Piwik --> <script type="text/javascript"> var _paq = _paq || []; _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u=(("https:" == document.location.protocol) ? "https" : "http") + "://www.scap.org.cn/piwik//"; _paq.push(['setTrackerUrl', u+'piwik.php']); _paq.push(['setSiteId', 1]); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.defer=true; g.async=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s); })(); </script> <noscript><p><img src="http://www.scap.org.cn/piwik/piwik.php?idsite=1" style="border:0" alt="" /></p></noscript> <!-- End Piwik Code --> </body> <!-- InstanceEnd --></html>