Vignette Content Suite V5 and V6 and Vignette StoryServer V5 contains a flaw that allows a malicious user to execute arbitrary TCL commands. The proprietary NEEDS command evaluates some unfiltered variables with the SET command. If the user injects Vignette code through those variables then it is possible to execute arbitrary TCL commands. The affected input variables are HTTP_QUERY_STRING and HTTP_COOKIE. If the Vignette/TCL escape characters "[" and "]" are included then the code between them is evaluated as valid TCL code.
Classification
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
Solution
Upgrade to version 6.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
s21sec.com - S 2 1 S E C