CVE-2004-1724
CVSS 7.5
Published: 2004-08-18 00:00:00
Revised: 2016-10-17 22:59:53

[Original] The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.


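[CNNVD] PHP-Fusion Database Backup Disclosure Vulnerability (CNNVD-200408-175)

        
        PHP-Fusion is a PHP-based content management system.
        PHP-Fusion has multiple security issues that remote attackers can use to download database backups, determine the installation path, and so on.
        y3dips reported that remote users can access the backup files in the 'fusion_admin/db_backups' directory, which are named:
        - backup_year-month-day_time.sql
        - backup_year-month-day_time.sql.gz
        Remote users can try file names and download the files, which contain user names and MD5 password hashes. This information may allow access to the application with administrator privileges.
        In addition, accessing some of the scripts reveals the installation path on the system.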
        

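- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found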

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1724
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1724
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-175
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109285292901685&w=2
(UNKNOWN)  BUGTRAQ  20040818 Multiple vulnerabilities in PHP-FUSION
http://www.securityfocus.com/bid/10974
(VENDOR_ADVISORY)  BID  10974
http://xforce.iss.net/xforce/xfdb/17037
(VENDOR_ADVISORY)  XF  phpfusion-database-file-access(17037)

- Vulnerability information

PHP-Fusion Database Backup Disclosure Vulnerability
High risk  Access validation error
2004-08-18 00:00:00 2005-10-20 00:00:00
Remote
        
        

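- Advisories and patches

        Vendor patch:
        PHP-Fusion
        ----------
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: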
        
        http://sourceforge.net/projects/php-fusion/

- Vulnerability information (24384)

PHP-Fusion Database Backup Information Disclosure Vulnerability (EDBID:24384)
php webapps
2004-07-18 Verified
0 Ahmad Muammar
source: http://www.securityfocus.com/bid/10974/info

It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server. Authentication would not be required.

A remote attacker may exploit this vulnerability to download the full contents of the application database. The backup includes user information and password hashes. This information could then be used in further attacks against the application. Furthermore, since the database uses the MD5 hash of passwords for authentication, and the authentication cookie directly includes both the username and the MD5 password hash, an attacker would not need to bruteforce the retrieved password hashes.

Version 4.00 was reported vulnerable. Other versions are also likely affected.

Update:
This issue is being retired due to the fact that this is not a vulnerability in the application. Configuring the Web server to restrict access to sensitive files can prevent this problem.

http://www.example.com/fusion/fusion_admin/db_backups/backup_2004-08-17_1845.sql		

- Vulnerability information

9032
PHP-Fusion Database Backup Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability description

PHP-Fusion contains a flaw that may lead to an unauthorized information disclosure. An attacker can download or view database backup files because they are stored in publicly accessible directories and use predictable naming schemes in the format: "backup_year-month-day_time.sql" or "backup_year-month-day_time.sql.gz".

- Timeline

2004-08-17 Unknown
Unknown Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Apply proper permissions on the directory in which backups are stored.
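
A defender-side check for the two conditions this entry describes, a backup directory open to "other" (the 777 setting) and backups with the predictable `backup_*` names left world-readable. This is an added example, not code from PHP-Fusion or the advisories; the function names and the directory path passed in are assumptions.

```shell
#!/bin/sh
# Added example. Call with the path to your own fusion_admin/db_backups
# directory (the install location is an assumption, not taken from the page).

# Prints one finding per line. Returns 0 if clean, 1 if findings, 2 on bad input.
audit_backup_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    status=0

    # Directory grants any access to "other" (mode 777 sets r, w and x).
    open_dir=$(find "$dir" -prune \( -perm -001 -o -perm -002 -o -perm -004 \))
    if [ -n "$open_dir" ]; then
        echo "DIR_OPEN_TO_OTHER $dir"
        status=1
    fi

    # Backups using the predictable names that are readable by "other".
    open_files=$(find "$dir" -type f \
        \( -name 'backup_*.sql' -o -name 'backup_*.sql.gz' \) -perm -004)
    if [ -n "$open_files" ]; then
        echo "$open_files" | sed 's/^/BACKUP_WORLD_READABLE /'
        status=1
    fi
    return $status
}

# Workaround from the entry: remove all "other" permission bits from the
# directory and everything in it. Owner and group access are left unchanged.
restrict_backup_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    chmod -R o-rwx "$dir"
}
```

Mode bits do not stop the web server from serving files that its own account can read, so the web-server access restriction mentioned in the Update above needs to be verified separately.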
