Asterisk vmail.cgi Directory Traversal Vulnerability

Vulnerability ID: 1109221
Vulnerability type: Path traversal
Published: 2005-11-07
Updated: 2006-12-05
CVE: CVE-2005-3559
CNNVD-ID: CNNVD-200511-177
Platform: CGI
CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/26475
https://www.securityfocus.com/bid/15336
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200511-177
|Vulnerability details
Asterisk is PBX software that runs on Linux and supports IP telephony over the SIP, IAX and H.323 protocols. In Asterisk 1.0.9 through 1.2.0-beta1, vmail.cgi contains a directory traversal vulnerability: a remote attacker can place ".." in the directory (folder) parameter and thereby access WAV files outside the intended mailbox.
|Exploit
source: http://www.securityfocus.com/bid/15336/info

Asterisk is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.

Successful exploitation will grant an attacker access to a victim user's voicemail and to any '.wav/.WAV' files currently on the affected system. 

http://www.example.org/cgi-bin/vmail.cgi?action=audio&folder=../201/INBOX&mailbox=200&context=default&password=12345&msgid=0001&format=wav
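The root cause described above is a user-supplied folder name spliced straight into a filesystem path. The following added example (not Asterisk's own code) contrasts that pattern with a hardened version that whitelists each caller-controlled path component; the spool root and file layout are assumptions modelled loosely on the advisory's URL.

```c
/* Added example, not Asterisk's own code: validating the voicemail CGI's
 * context/mailbox/folder/msgid parameters before building a file path.
 * SPOOL_ROOT and the "msgNNNN.wav" layout are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define SPOOL_ROOT "/var/spool/asterisk/voicemail"   /* assumed layout */

/* Vulnerable pattern: input goes straight into the path, so a folder such
 * as "../201/INBOX" walks out of mailbox 200 and into mailbox 201. */
int build_path_unsafe(const char *context, const char *mailbox,
                      const char *folder, const char *msgid,
                      char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s/%s/%s/msg%s.wav",
                     SPOOL_ROOT, context, mailbox, folder, msgid);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* A component is accepted only as a single non-empty name made of
 * [A-Za-z0-9_-]: no '/', no '\\' and no '.', so ".." cannot appear and the
 * resulting path cannot leave the directory it is joined onto. */
static int component_ok(const char *s)
{
    if (s == NULL || *s == '\0' || strlen(s) > 64)
        return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '_' && *s != '-')
            return 0;
    return 1;
}

/* Hardened version: every caller-controlled component is checked before
 * use.  Returns 0 on success, -1 if any component is rejected. */
int build_path_safe(const char *context, const char *mailbox,
                    const char *folder, const char *msgid,
                    char *out, size_t outlen)
{
    if (!component_ok(context) || !component_ok(mailbox) ||
        !component_ok(folder)  || !component_ok(msgid))
        return -1;
    return build_path_unsafe(context, mailbox, folder, msgid, out, outlen);
}
```

Rejecting the request before any path is formed is preferable to normalising the path afterwards, since the set of legitimate folder names (INBOX and the like) is small and known in advance.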
|Affected products
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1
|References

Source: VUPEN
Name: ADV-2005-2346
Link: http://www.frsirt.com/english/advisories/2005/2346
Source: XF
Name: asterisk-vmail-obtain-information(23002)
Link: http://xforce.iss.net/xforce/xfdb/23002
Source: BID
Name: 15336
Link: http://www.securityfocus.com/bid/15336
Source: BUGTRAQ
Name: 20051107 Asterisk vmail.cgi vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/415990/30/0/threaded
Source: DEBIAN
Name: DSA-1048
Link: http://www.debian.org/security/2006/dsa-1048
Source: MISC
Link: http://www.assurance.com.au/advisories/200511-asterisk.txt
Source: SECTRACK
Name: 1015164
Link: http://securitytracker.com/id?1015164
Source: SECUNIA
Name: 19872
Link: http://secunia.com/advisories/19872
Source: SECUNIA
Name: 17459
Link: http://secunia.com/advisories/17459
Source: OSVDB
Name: 20577
Link: http://osvdb.org/20577