CVE-2005-3330
CVSS 7.5
Published: 2005-10-27 06:02:00
Last modified: 2016-10-17 23:34:35

[Original] The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.


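[CNNVD] Snoopy Arbitrary Command Execution Vulnerability (CNNVD-200510-220)

        Snoopy is a PHP class that simulates a web browser and automates tasks such as retrieving web page content and posting forms.
        Snoopy has a vulnerability in its handling of URLs that remote attackers may exploit to execute arbitrary commands on the host.
        When a Snoopy API call requests an SSL-protected web page, the _httpsrequest function is called with the URL as an argument. That function then calls the PHP function exec without checking the user input. By supplying a specially crafted URL, an attacker can provide arbitrary commands and have them executed on the web server.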

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

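- CWE (Weakness Category)

CWE-20 [Improper Input Validation]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found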

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3330
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3330
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-220
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=113028858316430&w=2
(UNKNOWN)  BUGTRAQ  20051025 SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability
http://marc.info/?l=bugtraq&m=113062897231412&w=2
(UNKNOWN)  BUGTRAQ  20051027 Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote
http://securityreason.com/securityalert/117
(UNKNOWN)  SREASON  117
http://securitytracker.com/id?1015104
(UNKNOWN)  SECTRACK  1015104
http://sourceforge.net/project/shownotes.php?release_id=368750
(UNKNOWN)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=368750
http://sourceforge.net/project/shownotes.php?release_id=375385
(UNKNOWN)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=375385
http://www.securityfocus.com/bid/15213
(UNKNOWN)  BID  15213
http://www.vupen.com/english/advisories/2005/2202
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2202
http://www.vupen.com/english/advisories/2005/2335
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2335
http://www.vupen.com/english/advisories/2005/2727
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2727
http://xforce.iss.net/xforce/xfdb/22874
(UNKNOWN)  XF  snoopy-httpsrequest-command-injection(22874)
https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG
(UNKNOWN)  CONFIRM  https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG

- Vulnerability Information

Snoopy Arbitrary Command Execution Vulnerability
High risk  Input validation
2005-10-27 00:00:00 2006-06-13 00:00:00
Remote

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://prdownloads.sourceforge.net/snoopy/Snoopy-1.2.1.tar.gz?download

- Vulnerability Information (F127352)

Feed2JS File Disclosure (PacketStormID:F127352)
2014-07-05 00:00:00
Michail Strokin  
exploit,local,info disclosure
CVE-2005-3330,CVE-2008-4796

Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents. The version of Snoopy in use suffers from a local file disclosure vulnerability.


- Vulnerability Information

20316
Snoopy _httpsrequest() Function Shell Command Injection
Loss of Integrity Upgrade
Vendor Verified

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-10-25 2005-10-10
Unknown Unknown

- Solution

Upgrade Snoopy to version 1.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Snoopy is integrated into several other software packages. The following packages and versions are known to contain the upgraded version of Snoopy:

MagpieRSS - 0.72
sux0r - 1.6
Jinzora - 2.3.6
Ampache - 3.3.1.5

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Snoopy Arbitrary Command Execution Vulnerability
Input Validation Error 15213
Yes No
2005-10-26 12:00:00 2008-09-10 07:01:00
D. Fabian of SEC-CONSULT is credited with the discovery of this issue.

- Affected Versions

Snoopy Snoopy 1.2
Snoopy Snoopy 1.0 1
Snoopy Snoopy 0.94
Snoopy Snoopy 0.93
Snoopy Snoopy 0.92
Snoopy Snoopy 0.91
Snoopy Snoopy 1.2.1

- Unaffected Versions

Snoopy Snoopy 1.2.1

- Vulnerability Discussion

Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

This issue may facilitate unauthorized remote access to the application in the context of the webserver.

- Exploit

No exploit is required.

The following proof-of-concept URI is available:

https://www.%22;+echo+'hello'+%3E+test.txt

Passing this URI to a script that uses a vulnerable version of Snoopy will result in a file called 'test.txt' containing 'hello'.
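
The pattern behind the proof-of-concept URI above, as an added PHP example (not Snoopy's own code): a URL pasted into a shell command line as-is, beside one that is validated and quoted first. CURL_PATH and both function names are assumptions, and the script only builds and prints command strings; it executes nothing.

```php
<?php
// Added illustration, not Snoopy's source. CURL_PATH and both function
// names are assumptions; nothing here is executed, only built and shown.
const CURL_PATH = '/usr/bin/curl';

// Vulnerable pattern: the URL is pasted into a shell command line as-is,
// so a double quote in the URL closes the quoted argument early.
function build_command_unsafe(string $url): string
{
    return CURL_PATH . ' "' . $url . '"';
}

// Hardened pattern: accept only https URLs with a plain hostname, then
// quote the value so the shell sees exactly one argument.
function build_command_safe(string $url): string
{
    $parts = parse_url($url);
    if (!is_array($parts)
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || !preg_match('/^[A-Za-z0-9.-]+$/', $parts['host'] ?? '')) {
        throw new InvalidArgumentException('URL rejected');
    }
    return CURL_PATH . ' ' . escapeshellarg($url);
}

// Constructed inputs: the page's proof-of-concept URI after URL decoding,
// and an ordinary URL whose query string contains a single quote.
$samples = [
    urldecode("https://www.%22;+echo+'hello'+%3E+test.txt"),
    "https://example.org/feed?title=o'reilly",
];

foreach ($samples as $url) {
    echo "input : $url\n";
    echo "unsafe: " . build_command_unsafe($url) . "\n";
    try {
        echo "safe  : " . build_command_safe($url) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "safe  : " . $e->getMessage() . "\n";
    }
}
```

Fetching through PHP's cURL extension instead of an external binary removes the shell from the request path altogether.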

- Solution

The vendor has released Snoopy 1.2.1 to address this issue:


Snoopy Snoopy 0.91

Snoopy Snoopy 0.92

Snoopy Snoopy 0.93

Snoopy Snoopy 0.94

Snoopy Snoopy 1.0 1

Snoopy Snoopy 1.2

- Related References
