CVE-2003-1286
CVSS 7.5
Published: 2003-12-31 00:00:00
Revised: 2008-09-05 16:36:32

[Original] HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.


[CNNVD] Sambar Open Proxy and Authorization Bypass Vulnerability (CNNVD-200312-422)

        The HTTP Proxy in Sambar Server versions before 6.0 beta 6 contains a vulnerability. When security.ini lacks a 127.0.0.1 proxydeny entry, a remote attacker can send HTTP proxy requests to the Sambar Server's administrative interface and to external web servers by making a "Connection: keep-alive" request before the proxy requests.

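- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)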

cpe:/a:sambar:sambar_server:5.1:beta2  Sambar Sambar Server 5.1 Beta 2
cpe:/a:sambar:sambar_server:5.1:beta3  Sambar Sambar Server 5.1 Beta 3
cpe:/a:sambar:sambar_server:5.0:beta6  Sambar Sambar Server 5.0 Beta 6
cpe:/a:sambar:sambar_server:5.1:beta5  Sambar Sambar Server 5.1 Beta 5
cpe:/a:sambar:sambar_server:5.0:beta1  Sambar Sambar Server 5.0 beta1
cpe:/a:sambar:sambar_server:5.0:beta2  Sambar Sambar Server 5.0 beta2
cpe:/a:sambar:sambar_server:5.0:beta3  Sambar Sambar Server 5.0 beta3
cpe:/a:sambar:sambar_server:6.0:beta2  Sambar Sambar Server 6.0 Beta 2
cpe:/a:sambar:sambar_server:6.0:beta4  Sambar Sambar Server 6.0 Beta 4
cpe:/a:sambar:sambar_server:5.2  Sambar Sambar Server 5.2
cpe:/a:sambar:sambar_server:5.0:beta5  Sambar Sambar Server 5.0 beta5
cpe:/a:sambar:sambar_server:6.0:beta3  Sambar Sambar Server 6.0 Beta 3
cpe:/a:sambar:sambar_server:5.3  Sambar Sambar Server 5.3
cpe:/a:sambar:sambar_server:5.1  Sambar Sambar Server 5.1
cpe:/a:sambar:sambar_server:5.1:beta4  Sambar Sambar Server 5.1 Beta 4
cpe:/a:sambar:sambar_server:6.0:beta5  Sambar Sambar Server 6.0 Beta 5
cpe:/a:sambar:sambar_server:5.0  Sambar Sambar Server 5
cpe:/a:sambar:sambar_server:5.0:beta4  Sambar Sambar Server 5.0 beta4
cpe:/a:sambar:sambar_server:5.1:beta1  Sambar Sambar Server 5.1 Beta 1
cpe:/a:sambar:sambar_server:6.0:beta1  Sambar Sambar Server 6.0 Beta 1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1286
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1286
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-422
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/16054
(PATCH)  XF  sambar-http-gain-access(16054)
http://www.securityfocus.com/bid/10256
(PATCH)  BID  10256
http://securitytracker.com/id?1007819
(PATCH)  SECTRACK  1007819
http://www.sambar.com/security.htm
(VENDOR_ADVISORY)  CONFIRM  http://www.sambar.com/security.htm
http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true
(VENDOR_ADVISORY)  IDEFENSE  20030925 Sambar Server Multiple Vulnerabilities
http://secunia.com/advisories/9578
(VENDOR_ADVISORY)  SECUNIA  9578
http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html
(VENDOR_ADVISORY)  BUGTRAQ  20040430 SECURITY.NNOV: Sambar security quest

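- Vulnerability information

Sambar Open Proxy and Authorization Bypass Vulnerability
High risk  Other
2003-12-31 00:00:00 2006-01-20 00:00:00
Remote
        The HTTP Proxy in Sambar Server versions before 6.0 beta 6 contains a vulnerability. When security.ini lacks a 127.0.0.1 proxydeny entry, a remote attacker can send HTTP proxy requests to the Sambar Server's administrative interface and to external web servers by making a "Connection: keep-alive" request before the proxy requests.

- Advisories and patches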

        The vendor has released an upgrade dealing with this issue.
        Sambar Server 5.1
        
        Sambar Server 5.2
        
        Sambar Server 5.3
        

- Vulnerability information (24076)

Sambar 5.x Open Proxy and Authentication Bypass Vulnerability (EDBID:24076)
windows remote
2003-01-30 Verified
0 David Endler
N/A
source: http://www.securityfocus.com/bid/10256/info

Sambar improperly validates the IP address of an originating connection and can be used to gain access to the administration interface without authorization.

Once the remote attacker has gained access to the administrative interface, further attacks are possible, including privilege escalation and unauthorized system access.

-> GET / HTTP/1.1
Connection: keep-alive
*This is a valid web server request. It's granted.

<- Sambar default web page

*Because the connection is keep-alive, it's not broken after the page is sent.

-> GET http://www.example.com HTTP/1.1

*This is a valid proxy request. This time the source IP is not validated, because the connection was established before.

<- Web page from external site
*Sambar proxies our request.
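
A simplified model of the flaw in the exchange above, added here as an illustration and not taken from Sambar's code or from the advisory: an access decision cached for the lifetime of a keep-alive connection, next to one evaluated on every request. The function names, the allowed network and the sample session are assumptions constructed for this example.

```python
from ipaddress import ip_address, ip_network

# Assumed policy: only this network may use the proxy (constructed value).
PROXY_ALLOWED = [ip_network("192.0.2.0/24")]

def is_proxy_request(request_line: str) -> bool:
    """A proxy request carries an absolute URI in the request line."""
    parts = request_line.split()
    return len(parts) == 3 and parts[1].lower().startswith(("http://", "https://"))

def proxy_allowed(client_ip: str) -> bool:
    """True when the client address falls inside an allowed proxy network."""
    addr = ip_address(client_ip)
    return any(addr in net for net in PROXY_ALLOWED)

def serve_per_connection(client_ip, request_lines):
    """Flawed model: the decision is made once, on the first request,
    and reused for everything that follows on the same connection."""
    decisions, granted = [], None
    for line in request_lines:
        if granted is None:
            granted = (not is_proxy_request(line)) or proxy_allowed(client_ip)
        decisions.append("served" if granted else "denied")
    return decisions

def serve_per_request(client_ip, request_lines):
    """Hardened model: each request is classified and checked on its own."""
    decisions = []
    for line in request_lines:
        if is_proxy_request(line) and not proxy_allowed(client_ip):
            decisions.append("denied")
        else:
            decisions.append("served")
    return decisions

# Constructed keep-alive session from a client outside the allowed network.
SESSION = ["GET / HTTP/1.1", "GET http://www.example.com HTTP/1.1"]

if __name__ == "__main__":
    print("per-connection:", serve_per_connection("203.0.113.9", SESSION))
    print("per-request:   ", serve_per_request("203.0.113.9", SESSION))
```

The per-request variant is the property to verify after upgrading: a proxy request must be refused for a disallowed source regardless of what was served earlier on the same connection.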

- Vulnerability information

5780
Sambar Server Proxy IP Filter Bypass
Remote / Network Access Misconfiguration
Loss of Integrity
Exploit Public

- Vulnerability description

Sambar Server contains a flaw that may allow a malicious user to circumvent proxy access restrictions. The issue is triggered when a specially crafted HTTP/1.1 request is used by an attacker. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity, and/or availability.

- Timeline

2003-09-25 2003-02-25
2003-09-25 Unknown

- Solution

Upgrade to version 6.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Sambar Open Proxy and Authentication Bypass Vulnerability
Origin Validation Error 10256
Yes No
2003-01-30 12:00:00 2009-07-12 04:07:00
Discovery of these issues is credited to David Endler.

- Affected program versions

Sambar Server 5.3 b4
Sambar Server 5.3
Sambar Server 5.2 b
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Sambar Server 5.2
Sambar Server 5.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Sambar Server 5.0 beta6
Sambar Server 5.0 beta5
Sambar Server 5.0 beta4
Sambar Server 5.0 beta3
Sambar Server 5.0 beta2
Sambar Server 5.0 beta1
Sambar Server 6.1 beta
Sambar Server 6.0.1
Sambar Server 6.0

- Unaffected program versions

Sambar Server 6.1 beta
Sambar Server 6.0.1
Sambar Server 6.0

- Vulnerability discussion

Sambar improperly validates the IP address of an originating connection and can be used to gain access to the administration interface without authorization.

Once the remote attacker has gained access to the administrative interface, further attacks are possible, including privilege escalation and unauthorized system access.

- Exploit

The following example has been supplied:
-> GET / HTTP/1.1
Connection: keep-alive
*This is a valid web server request. It's granted.

<- Sambar default web page

*Because the connection is keep-alive, it's not broken after the page is sent.

-> GET http://www.example.com HTTP/1.1

*This is a valid proxy request. This time the source IP is not validated, because the connection was established before.

<- Web page from external site
*Sambar proxies our request.

- Solution

The vendor has released an upgrade dealing with this issue.


Sambar Server 5.1

Sambar Server 5.2

Sambar Server 5.3

- Related references

 

 
