CVE-2006-1182
CVSS2.6
发布时间 :2006-03-15 20:02:00
修订时间 :2011-03-07 21:32:20
NMCOS    

[原文]Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command.


[CNNVD]Adobe Graphics Server/Document Server远程命令执行漏洞(CNNVD-200603-277)

        Adobe Graphics Server/Document Server是流行的图形和文档服务程序。
        Adobe Graphics Server/Document Server处理用户提交的命令时存在漏洞,攻击者可能利用此漏洞非授权获取文件访问。
        "saveContent"和"saveOptimized"命令允许使用文件URI以系统权限在服务器中的任意位置以任何文件扩展名保存图形或PDF文件。类似的,"loadContent"命令允许使用文件URI检索指定的图形或PDF文件。可通过8019端口上运行的AlterCast Web服务执行这些命令。
        攻击者可以向Web服务发送特制的SOAP请求,向服务器的All Users开始文件夹写入包含有恶意JavaScript的图形文件,这样下次任何用户登录的时候都可以导致执行该文件。
        此外,还可以发送包含有"loadContent"的请求以检索任意图形或PDF文件,泄漏敏感信息。
        
        成功攻击要求服务配置为以默认的系统权限或可以交互登录的正常用户权限。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:adobe:graphics_server:2.1Adobe Graphics Server 2.1
cpe:/a:adobe:document_server:6.0Adobe Document Server 6.0
cpe:/a:adobe:document_server:5.0Adobe Document Server 5.0
cpe:/a:adobe:graphics_server:2.0Adobe Graphics Server 2.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1182
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1182
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-277
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/17113
(PATCH)  BID  17113
http://www.securityfocus.com/archive/1/archive/1/427730/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060315 Secunia Research: Adobe Document/Graphics Server File URI ResourceAccess
http://www.adobe.com/support/techdocs/332989.html
(PATCH)  CONFIRM  http://www.adobe.com/support/techdocs/332989.html
http://securitytracker.com/id?1015769
(VENDOR_ADVISORY)  SECTRACK  1015769
http://secunia.com/advisories/19229
(VENDOR_ADVISORY)  SECUNIA  19229
http://xforce.iss.net/xforce/xfdb/25247
(UNKNOWN)  XF  adobe-unauth-command-access(25247)
http://www.vupen.com/english/advisories/2006/0956
(UNKNOWN)  VUPEN  ADV-2006-0956
http://www.osvdb.org/23924
(UNKNOWN)  OSVDB  23924
http://securitytracker.com/id?1015768
(UNKNOWN)  SECTRACK  1015768
http://securityreason.com/securityalert/588
(UNKNOWN)  SREASON  588

- 漏洞信息

Adobe Graphics Server/Document Server远程命令执行漏洞
低危 设计错误
2006-03-15 00:00:00 2007-08-27 00:00:00
远程  
        Adobe Graphics Server/Document Server是流行的图形和文档服务程序。
        Adobe Graphics Server/Document Server处理用户提交的命令时存在漏洞,攻击者可能利用此漏洞非授权获取文件访问。
        "saveContent"和"saveOptimized"命令允许使用文件URI以系统权限在服务器中的任意位置以任何文件扩展名保存图形或PDF文件。类似的,"loadContent"命令允许使用文件URI检索指定的图形或PDF文件。可通过8019端口上运行的AlterCast Web服务执行这些命令。
        攻击者可以向Web服务发送特制的SOAP请求,向服务器的All Users开始文件夹写入包含有恶意JavaScript的图形文件,这样下次任何用户登录的时候都可以导致执行该文件。
        此外,还可以发送包含有"loadContent"的请求以检索任意图形或PDF文件,泄漏敏感信息。
        
        成功攻击要求服务配置为以默认的系统权限或可以交互登录的正常用户权限。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.adobe.com

- 漏洞信息

23924
Adobe Document/Graphics Server File URI Arbitrary Resource Manipulation
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

Adobe Document/Graphics Server contain a flaw that may lead to an unauthorized information disclosure, an arbitrary file overwrite, or a compromised system. The issue is caused due to the 'loadContent', 'saveContent', and 'saveOptimized' ADS (Adobe Document Server) commands allowing graphics or PDF files to be retrieved from or saved to arbitrary locations on the server using File URIs via the AlterCast web service. A malicious user can exploit this to run arbitrary commands during user logins resulting in a loss of integrity.

- 时间线

2006-03-15 2005-07-26
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. However, it is possible to correct the flaw by implementing the additional hardening recommendations published by the vendor as a workaround.

- 相关参考

- 漏洞作者

- 漏洞信息

Adobe Graphics Server / Document Server Remote Command Execution Vulnerability
Design Error 17113
Yes No
2006-03-15 12:00:00 2006-03-16 10:05:00
Discovered by Tan Chew Keong, Secunia Research.

- 受影响的程序版本

Adobe Graphics Server 2.1
Adobe Graphics Server 2.0
Adobe Document Server 6.0
Adobe Document Server 5.0

- 漏洞讨论

Adobe Graphics Server and Document Server are prone to a vulnerability that may allow remote attackers to:

- access arbitrary graphics or PDF files
- place arbitrary graphics or PDF files on a server
- gain unauthorized access to a computer
- potentially execute arbitrary code.

The code execution is triggered when a user interactively logs into the Adobe Server service account. Adobe Server is installed as SYSTEM by default, which can allow this vulnerability to be triggered when anyone logs into the server interactively. The server may also be configured to run with lower privileges.

Adobe Graphics Server 2.0, 2.1 and Adobe Document Server 5.0, 6.0 running on Windows are affected.

- 漏洞利用


An exploit is not required.

- 解决方案


Adobe has released an advisory containing workarounds to address this issue. Please see references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站