CA eTrust Security Command Center和eTrust Audit多个安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111095 漏洞类型 路径遍历
发布时间 2006-09-21 更新时间 2006-09-28
CVE编号 CVE-2006-4900 CNNVD-ID CNNVD-200609-385
漏洞平台 Windows CVSS评分 5.5
|漏洞来源
https://www.exploit-db.com/exploits/28641
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-385
|漏洞详情
CAeTrustSecurityCommandCenter用于实时监控和管理企业安全的各个方面,eTrustAudit能收集有关企业级安全和系统的审计信息。上述两个安全产品中存在多个安全漏洞,具体如下:如果向ePPIServlet脚本发送了引号字符的话,eTrustSecurityCommandCenter就不会正确地处理PIProfile函数,导致泄漏Web主目录路径。eTrustSecurityCommandCenter没有正确地验证getadhochtml函数所生成临时文件的位置,允许攻击者以服务帐户的权限读取或删除任意文件。eTrustSecurityCommandCenter和Audit没有认证事件报警系统,允许攻击者发送误报警告。
|漏洞EXP
source: http://www.securityfocus.com/bid/20139/info
 
CA eTrust Security Command Center (eSCC) and eTrust Audit are prone to multiple vulnerabilities, including:
 
- an information-disclosure issue
- an arbitrary-file-deletion issue
- a replay issue.
 
These vulnerabilities occur because the software fails to validate user input and because of design errors in the way the software handles user permissions and secure data-transmission protocols.
 
An attacker may exploit these vulnerabilities to access sensitive information, delete arbitrary files with the permissions of the service account, and carry out external replay attacks.

https://www.example.com:8080/etrust/servlet/eSMPAuditServlet?verb=getadhochtml&eSCCAdHocHtmlFile=../../../../../../../boot.ini
|参考资料

来源:www3.ca.com
链接:http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617
来源:www3.ca.com
链接:http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9
来源:OSVDB
名称:29010
链接:http://www.osvdb.org/29010
来源:MISC
链接:http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt
来源:SECUNIA
名称:22023
链接:http://secunia.com/advisories/22023
来源:XF
名称:ca-etrust-esmpauditservlet-dir-traversal(29104)
链接:http://xforce.iss.net/xforce/xfdb/29104
来源:BID
名称:20139
链接:http://www.securityfocus.com/bid/20139
来源:BUGTRAQ
名称:20060922RE:ComputerAssociateseTrustSecurityCommandCenterMultipleVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/446716/100/0/threaded
来源:BUGTRAQ
名称:20060921[CAID34616,34617,34618]:CAeSCCandeTrustAuditvulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/446611/100/0/threaded
来源:VUPEN
名称:ADV-2006-3738
链接:http://www.frsirt.com/english/advisories/2006/3738
来源:SECTRACK
名称:1016910
链接:http://securitytracker.com/id?10169