|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
MIMAnet Source Viewer 2.0 contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the viewsrc.cgi script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'loc' variable.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, Joe Testa has released a patch to address this vulnerability.
Apply the following patch to viewsrc.cgi:
53a54,56
> $FORM{'loc'} =~ s/\.\.//g;
> $FORM{'loc'} =~ s/\\//g;
> $FORM{'loc'} =~ s/\///g;
65c68
< open (INHTML, "$predo") or die &err_loc;
---
> open (INHTML, "<$predo") or die &err_loc;
This patch removes any '..', '/', or '\'s present in the $FORM{'loc'}
variable. It also makes the open() command safer by using the '<'
read-only specifier.
|
|
Products |
|
Source Viewer
 |
2.0 |
|
|
|
|
Credit |
- Joe Testa - joetesta
 hushmail.com - Personal page
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
