SonicWALL SSL VPN客户端ActiveX控件目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113884 漏洞类型 路径遍历
发布时间 2007-11-01 更新时间 2007-11-06
CVE编号 CVE-2007-5815 CNNVD-ID CNNVD-200711-040
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/30730
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200711-040
|漏洞详情
SonicWALLSSL-VPN可以为企业网络提供简单易用的VPN解决方案。SonicWALLSSL-VPN解决方案所安装的WebCacheCleanerActiveX控件的FileDelete()方式没有正确地验证某些参数,攻击者通过一个绝对路径参数实现删除客户端上的任意文件
|漏洞EXP
source: http://www.securityfocus.com/bid/26288/info


SonicWALL SSL VPN Client is prone to multiple remote vulnerabilities. The issues occur in different ActiveX controls and include arbitrary-file-deletion and multiple stack-based buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application and delete arbitrary files on the client's computer. Failed exploit attempts will result in denial-of-service conditions.

These issues affect SonicWALL SSL VPN 1.3.0.3 software as well as WebCacheCleaner 1.3.0.3 and NeLaunchCtrl 2.1.0.49 ActiveX controls; other versions may also be vulnerable. 

dim o
Set o = CreateObject("MLWebCacheCleaner.WebCacheCleaner.1")
o.FileDelete("c:\bla\bla")
|参考资料

来源:XF
名称:sonicwall-webcachecleaner-file-delete(38221)
链接:http://xforce.iss.net/xforce/xfdb/38221
来源:BID
名称:26288
链接:http://www.securityfocus.com/bid/26288
来源:BUGTRAQ
名称:20071101SECConsultSA-20071101-0::MultipleVulnerabilitiesinSonicWALLSSL-VPNClient
链接:http://www.securityfocus.com/archive/1/archive/1/483097/100/0/threaded
来源:MISC
链接:http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt
来源:MISC
链接:http://www.sec-consult.com/303.html
来源:VUPEN
名称:ADV-2007-3696
链接:http://www.frsirt.com/english/advisories/2007/3696
来源:SREASON
名称:3342
链接:http://securityreason.com/securityalert/3342
来源:SECUNIA
名称:27469
链接:http://secunia.com/advisories/27469