微慑信息网

CVE-2008-1322 - Vulnerability Details

CVE-2008-1322
CVSS 7.8
Published: 2008-03-13 10:44:00
Last modified: 2011-03-07 22:06:42
NMCOE    

[Original] The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability.


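[CNNVD] ASG-Sentry Network Manager Denial of Service Vulnerability (CNNVD-200803-217)

        In ASG-Sentry Network Manager 7.0.0 and earlier, the File Check Utility (fcheck.exe) allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option. The issue probably stems from an argument injection vulnerability.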


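CVSS (Base Score)

CVSS score: 7.8 [HIGH]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Access complexity: LOW [no access restrictions for exploitation]
Access vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]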


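CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available


OVAL (Technical Details for Detection)

No related OVAL definitions found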


Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1322

(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1322

(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-217

(Official data source) CNNVD


Other Links and Resources

http://xforce.iss.net/xforce/xfdb/41080


(UNKNOWN)  XF  asgsentry-fcheck-dos(41080)
http://www.vupen.com/english/advisories/2008/0839/references


(UNKNOWN)  VUPEN  ADV-2008-0839
http://www.securityfocus.com/bid/28188


(UNKNOWN)  BID  28188
http://www.securityfocus.com/archive/1/archive/1/489359/100/0/threaded


(UNKNOWN)  BUGTRAQ  20080310 Multiple vulnerabilities in ASG-Sentry 7.0.0
http://www.milw0rm.com/exploits/5229


(UNKNOWN)  MILW0RM  5229
http://securityreason.com/securityalert/3737


(UNKNOWN)  SREASON  3737
http://secunia.com/advisories/29289


(VENDOR_ADVISORY)  SECUNIA  29289
http://aluigi.altervista.org/adv/asgulo-adv.txt


(UNKNOWN)  MISC  http://aluigi.altervista.org/adv/asgulo-adv.txt


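Vulnerability Information

ASG-Sentry Network Manager Denial of Service Vulnerability
High risk  Other
2008-03-13 00:00:00 2008-09-05 00:00:00
Remote
        In ASG-Sentry Network Manager 7.0.0 and earlier, the File Check Utility (fcheck.exe) allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option. The issue probably stems from an argument injection vulnerability.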


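Advisories and Patches

        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's homepage for the latest version: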


        http://www.asg-sentry.com/


Vulnerability Information (5229)

ASG-Sentry <= 7.0.0 Multiple Remote Vulnerabilities (EDBID:5229)
multiple dos
2008-03-10 Verified
0 Luigi Auriemma

N/A


#######################################################################

                             Luigi Auriemma

Application:  ASG-Sentry
              http://www.asg-sentry.com
Versions:     <= 7.0.0
Platforms:    Windows and Unix
Bugs:         A] arbitrary files deleting
              B] heap-overflow in FxAgent
              C] termination of FxIAList
              D] buffer-overflow in FxIAList
Exploitation: remote
Date:         10 Mar 2008
Author:       Luigi Auriemma
              e-mail: [email protected]
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


From vendor's website:
"The ASG-Sentry family of products is a suite of tools strategically
engineered to control, monitor, manage, and enhance your network.
Sentry's tools provide you with full visibility to your network from
any Web browser. Sentry also allows you to fully instrument your
company's applications, CPUs, disk space, memory, files, Windows and
UNIX platforms, and more."


#######################################################################

=======
2) Bugs
=======

---------------------------
A] arbitrary files deleting
---------------------------

The fcheck.exe (File Check Utility) CGI available in ASG is used for
handling some index files which contain a list of filenames and
checksums.

The -b option of this utility allows the creation of these index files
and it is possible to specify both the name of the output file and,
optionally, the folder which will be scanned recursively for finding
and reading the various files to add to the list.

The first vulnerability is in the possibility for an external attacker
to use this CGI for overwriting existent files with no data (specifying
a new folder which will be created by the same program) or with the
list of filenames described before.
Naturally it is possible to specify both files on the local disks or on
network shares.

The second effect instead is the possibility of occupying CPU and disk
for the scanning of any file in the disk simply specifying, for example,
c:\ as folder.


---------------------------
B] heap-overflow in FxAgent
---------------------------

The FxAgent process running on UDP port 6161 is used for handling the
various SNMP requests.
A community field longer than 64 bytes can be used by an attacker to
exploit a heap-overflow.


--------------------------
C] termination of FxIAList
--------------------------

FxIAList is a service which runs on the TCP port 6162 and is used for
the logging operations which include the commands "exit", "trace on"
"verbose", "trace off" and the name of the log file to create
(xxxx.xx.xx) and its content.
The main problem is that the server doesn't require authentication so
anyone can send the "exit" command and the service will just terminate.


------------------------------
D] buffer-overflow in FxIAList
------------------------------

The same service described before is affected also by a stack based
buffer-overflow which happens during the copying of the data we want
to write to the log file (max 1023 bytes) in a buffer of only 500.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/asgulo.zip
http://exploit-db.com/sploits/2008-asgulo.zip

A]
  http://SERVER:6161/snmx-cgi/fcheck.exe?-b+..\../..\boot.ini
  http://SERVER:6161/snmx-cgi/fcheck.exe?-b+c:\windows\win.ini
  http://SERVER:6161/snmx-cgi/fcheck.exe?-b+c:\file.txt+c:\
  http://SERVER:6161/snmx-cgi/fcheck.exe?-b+\host\document.txt
    this link for the network share is correct because Apache converts
    any backslash to double so that one becomes \\host\\document.txt

B]
  nc SERVER 6161 -v -v -u < asgulo_fxagent.txt

C]
  nc SERVER 6162 -v -v -w 1 < asgulo-ialist1.txt

D]
  nc SERVER 6162 -v -v -w 1 < asgulo-ialist2.txt


#######################################################################

======
4) Fix
======


No fix


#######################################################################

# milw0rm.com [2008-03-10]
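
Added example (not part of the advisory and not ASG-Sentry code): a log check for bug A that flags requests to the fcheck.exe CGI whose query string carries the -b option and classifies where its path arguments point. The Apache-style access-log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request target inside an Apache-style access log entry (assumed format).
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
CGI = "/snmx-cgi/fcheck.exe"   # CGI path as given in the advisory

def cgi_args(query):
    """Split a query string into CGI command-line words ('+' separated, URL-decoded)."""
    return [unquote(tok) for tok in query.split("+") if tok]

def classify(path):
    """Say where a path argument points: traversal, absolute, share-or-root, relative."""
    # Collapse runs of / and \ so log-escaped backslashes compare the same.
    p = re.sub(r"[\\/]+", lambda _: "\\", path)
    if ".." in p.split("\\"):
        return "traversal"
    if re.match(r"[A-Za-z]:\\", p):
        return "absolute"
    if p.startswith("\\"):
        return "share-or-root"
    return "relative"

def scan(lines):
    """Return (line_no, args, path_kinds) for every fcheck.exe request carrying -b."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQ.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if unquote(path).lower() != CGI:
            continue
        args = cgi_args(query)
        lowered = [a.lower() for a in args]
        if "-b" in lowered:
            rest = args[lowered.index("-b") + 1:]
            hits.append((n, args, [classify(a) for a in rest]))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    r'10.0.0.5 - - [10/Mar/2008:10:00:00 +0000] "GET /snmx-cgi/fcheck.exe?-b+c:\file.txt+c:\ HTTP/1.0" 200 512',
    r'10.0.0.5 - - [10/Mar/2008:10:00:05 +0000] "GET /snmx-cgi/fcheck.exe?%2Db+..%5C..%5Cout.idx HTTP/1.0" 200 0',
    r'10.0.0.7 - - [10/Mar/2008:10:01:00 +0000] "GET /snmx-cgi/fcheck.exe?index.idx HTTP/1.0" 200 90',
    r'10.0.0.7 - - [10/Mar/2008:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Since the advisory lists no fix, any hit is worth reviewing; the path classification only helps to prioritise which files on the host to check first.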
  

Vulnerability Information


43086
ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite
Exploit Public

Vulnerability Description

Timeline


2008-03-10

Unknown
Unknown Unknown

Solution
