CVE-2005-2020
CVSS5.0
发布时间 :2005-09-08 06:03:00
修订时间 :2011-03-07 21:23:15
NMCOPS    

[原文]Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.


[CNNVD]3Com Network Supervisor远程目录遍历漏洞(CNNVD-200509-081)

        3Com Network Supervisor是功能强大并且易于使用的网络管理应用软件增强版。
        3Com Network Supervisor中存在目录遍历漏洞,成功利用这个漏洞的攻击者可以非授权访问与服务器同一文件系统中(通常为C盘)的任何文件。Network Supervisor包含有在21700端口上运行的httpd。攻击者可以通过创建含有"../"序列的URL访问该服务webroot外的文件。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2020
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2020
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-081
(官方数据源) CNNVD

- 其它链接及资源

http://www.idefense.com/application/poi/display?id=300&type=vulnerabilities&flashstatus=true
(VENDOR_ADVISORY)  IDEFENSE  20050902 3Com Network Supervisor Directory Traversal Vulnerability
http://securitytracker.com/id?1014836
(VENDOR_ADVISORY)  SECTRACK  1014836
http://secunia.com/advisories/16639
(VENDOR_ADVISORY)  SECUNIA  16639
http://www.vupen.com/english/advisories/2005/1611
(UNKNOWN)  VUPEN  ADV-2005-1611

- 漏洞信息

3Com Network Supervisor远程目录遍历漏洞
中危 路径遍历
2005-09-08 00:00:00 2005-10-20 00:00:00
远程  
        3Com Network Supervisor是功能强大并且易于使用的网络管理应用软件增强版。
        3Com Network Supervisor中存在目录遍历漏洞,成功利用这个漏洞的攻击者可以非授权访问与服务器同一文件系统中(通常为C盘)的任何文件。Network Supervisor包含有在21700端口上运行的httpd。攻击者可以通过创建含有"../"序列的URL访问该服务webroot外的文件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://support.3com.com/software/3com_network_supervisor_v5_1_cu1.exe
        

- 漏洞信息 (F39810)

iDEFENSE Security Advisory 2005-09-01.1 (PacketStormID:F39810)
2005-09-05 00:00:00
iDefense Labs  idefense.com
advisory,remote
CVE-2005-2020
[点击下载]

iDEFENSE Security Advisory 09.01.05-1 - Remote exploitation of a directory traversal vulnerability in 3Com Corp.'s Network Supervisor version 5.0.2 may allow an attacker unauthorized access to files.

3Com Network Supervisor Directory Traversal Vulnerability 

iDEFENSE Security Advisory 09.01.05
www.idefense.com/application/poi/display?id=300&type=vulnerabilities
September 9, 2005

I. BACKGROUND

3Com Network Supervisor is a network monitoring application which allows

monitoring services on multiple hosts. More information is available at 
the following site:

 http://www.3com.com/products/en_US/detail.jsp?tab=prodspec&sku=3C15100E

II. DESCRIPTION

Remote exploitation of a directory traversal vulnerability in 3Com 
Corp.'s Network Supervisor version 5.0.2 may allow an attacker 
unauthorized access to files.

3Com Corp.'s Network Supervisor 5.0.2 contains an httpd running on port 
21700. By constructing a URL containing '../' sequences it is possible 
to access files outside of the webroot for this service.

III. ANALYSIS

Successful exploitation of this vulnerability would allow a remote 
attacker unauthenticated access to any file on the same filesystem 
as the server is installed on. Typically this is the C: drive, which 
also typically contains the Windows operating system files. One 
potential target may be the [SYSTEMROOT]\repair\sam file, which contains

user password information for the system. Tools are available, which 
will recover the password from this file. With this password, an 
attacker may gain access to the vulnerable system.

As the vulnerable tool is designed for network administration, it is
likely that the users of an affected system will have elevated 
permissions on other systems on the network.

IV. DETECTION

iDEFENSE Labs have confirmed that 3Com Corp.'s Network Supervisor 5.0.2 
is affected by this vulnerability. It is suspected that all previous 
versions are affected.

V. WORKAROUND

Restrict remote access to port 21700 at the network boundary, unless 
remote parties require service. Access to the affected host should be 
filtered at the network boundary if global accessibility is not 
required. Restricting access to only trusted hosts and networks may 
reduce the likelihood of exploitation.

VI. VENDOR RESPONSE

Vendor patches to address this vulnerability are available for download
at:

3Com(r) Network Director Version 1.0
Critical Update 1 for the Initial release and Service Pack 1
http://support.3com.com/software/3Com_network_director_v1_0_sp0_1_cu1.ex
e

3Com(r) Network Director Version 1.0
Critical Update 1 for Service Pack 2 and Service Pack 3
http://support.3com.com/software/3Com_network_director_v1_0_sp2_3_cu1.ex
e

3Com(r) Network Director Version 2.0
Critical Update 1 
http://support.3com.com/software/3com_network_director_v2_0_cu1.exe

3Com(r) Network Supervisor Version 5.1
Critical Update 1
http://support.3com.com/software/3com_network_supervisor_v5_1_cu1.exe

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-2020 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

06/20/2005  Initial vendor notification
07/07/2005  Initial vendor response
09/01/2005  Coordinated public disclosure

IX. CREDIT

Discovery of this vulnerability is credited to iDEFENSE Labs.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.idefense.com

X. LEGAL NOTICES

Copyright (c) 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
    

- 漏洞信息

19152
3Com Network Supervisor Traversal Arbitrary File Access
Input Manipulation

- 漏洞描述

- 时间线

2005-09-01 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

3Com Network Supervisor Directory Traversal Vulnerability
Input Validation Error 14715
Yes No
2005-09-01 12:00:00 2009-07-12 05:06:00
Discovery is credited to iDEFENSE Labs.

- 受影响的程序版本

3Com Network Supervisor 5.1
3Com Network Supervisor 5.0.2
3Com Network Supervisor 5.0
3Com Network Director 2.0
3Com Network Director 1.0 SP3
3Com Network Director 1.0 SP2
3Com Network Director 1.0 SP1
3Com Network Director 1.0

- 漏洞讨论

Network Supervisor is prone to a directory traversal vulnerability.

The application fails to properly sanitize input supplied through HTTP GET requests.

Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. It should be noted that all files on the affected drive can be disclosed by a successful attack.

- 漏洞利用

An exploit is not required.

- 解决方案

The vendor has released updates to address this issue.


3Com Network Director 1.0 SP3

3Com Network Director 1.0 SP2

3Com Network Director 1.0 SP1

3Com Network Director 1.0

3Com Network Director 2.0

3Com Network Supervisor 5.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站