Alcatel OmniPCX Office 210061.1 Remote Command Execution Vuln by h3m4n

VIEWS: 362 PAGES: 2

									                     Alcatel OmniPCX Office 210061.1 Remote Command Execution Vuln                                Page 1/2
  1    Digital Security Research Group [DSecRG] Advisory        #DSECRG−08−020
  2
  3
  4    Application:                     Alcatel OmniPCX Office
  5    Versions Affected:               Alcatel OmniPCX Office since release 210/061.1
  6    Vendor URL:                      http://alcatel.com
  7    Bugs:                            Remote command execution
  8    Exploits:                        YES
  9    Risk:                            High
  10   CVSS Score:                      7.31
  11   CVE−number:                      2008−1331
  12   Reported:                        31.01.2008
  13   Vendor response:                 01.02.2008
  14   Customers informed:              07.03.2008
  15   Published on PSIRT:              01.04.2008
  16   Date of Public Advisory:         21.05.2008
  17   Author:                          Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
  18
  19
  20
  21   Introduction
  22   ************
  23
  24   The OmniPCX Enterprise is an integrated communications solution for
  25   medium−sized businesses and large corporations. It combines the best of
  26   the old (legacy TDM phone connectivity) with the new (a native IP
  27   platform and support for Session Initiation Protocol, or SIP) to provide
  28   an effective and complete communications solution for cost−conscious
  29   companies on the cutting edge.
  30
  31   (from the vendor’s homepage)
  32
  33
  34   Description
  35   ***********
  36
  37   Alcatel OmniPCX Office   Web Interface has critical   security vulnerability Remote command execution
  38
  39   The risk of this vulnerability is high. Any user which has access to the
  40   web interface of the OmniPCX Enterprise solution will be able to execute
  41   arbitrary commands on the server with the permissions of the webserver.
  42
  43
  44   Details
  45   *******
  46
  47
  48   Remote command execution vulnerability found in script /cgi−data/FastJSData.cgi  in parameter name id2
  49   Variable id2 not being filtered when passed to the shell. Thus, arbitrary commands can be executed on
  50   the server by adding them to the user variable, separated by semicolons.
  51
  52   You can find more details on this advisory on vendors website http://www1.alcatel−lucent.com/psirt/statements.htm
DSecRG                                                                                                             05/21/2008
                    Alcatel OmniPCX Office 210061.1 Remote Command Execution Vuln                               Page 2/2
  53   under reference 2008001
  54
  55
  56
  57   Example:
  58
  59
  60   http://[server]/cgi−data/FastJSData.cgi?id1=sh2kerr&id2=91|cat%20/etc/passwd
  61
  62
  63
  64
  65   Fix Information
  66   ***************
  67
  68   Alcatel    was altered to fix this flaw on 01.04.2008. Updated version can be downloaded here:
  69
  70   http://www1.alcatel−lucent.com/enterprise/en/products/ip_telephony/omnipcxenterprise/index.html
  71
  72
  73
  74
  75
  76
  77   About
  78   *****
  79
  80   Digital Security is leading IT security company in Russia, providing information security consulting,
  81   audit and penetration testing services, risk analysis and ISMS−related services and certification for
  82   ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application
  83   and database security problems with vulnerability reports, advisories and whitepapers posted regularly
  84   on our website.
  85
  86
  87   Contact:          research [at] dsec [dot] ru
  88                     http://www.dsec.ru (in Russian)
  89
  90   # milw0rm.com [2008−05−21]




DSecRG                                                                                                          05/21/2008

								
To top