Astaro Security Gateway Input Validation Flaw in Comment Field Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1027140|
SecurityTracker URL: http://securitytracker.com/id/1027140
(Links to External Site)
Date: Jun 11 2012
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes |
Version(s): 8.304 and prior versions|
A vulnerability was reported in Astaro Security Gateway. A remote user can conduct cross-site scripting attacks.|
The management interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Astaro Security Gateway interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The 'Comment (optional)' field in the 'Available backups' view is affected.
The vendor was notified on May 12, 2012.
The original advisory is available at:
Julien Ahrens from Inshell Security reported this vulnerability.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Astaro Security Gateway interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.|
The vendor has issued a fix (8.305).|
The vendor's advisory is available at:
Vendor URL: www.astaro.com/en-uk/blog/up2date/8305 (Links to External Site)
Input validation error|
Source Message Contents
Date: Sun, 10 Jun 2012 14:15:59 +0200|
Subject: [Full-disclosure] [CVE-2012-3238] Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability
Inshell Security Advisory
1. ADVISORY INFORMATION
Product: Astaro Security Gateway
Vendor URL: www.astaro.com / www.sophos.com
Type: Cross-site Scripting [CWE-79]
Date found: 2012-05-11
Date published: 2012-06-10
CVSSv2 Score: 3,5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
This vulnerability was discovered and researched by Julien Ahrens from
3. VERSIONS AFFECTED
Astaro Security Gateway v8.304, older versions are affected too.
4. VULNERABILITY DESCRIPTION
A Persistent Cross-Site Scripting Vulnerability has been found on the
Astaro Security Gateway product.
The vulnerability is located in the backup-function of the software:
+Management -> Backup/Restore
Parameter: "Comment (optional)"
The input field "Comment (optional)" is shown on the "Available backups"
view after successful creation of a new backup and is also included into
the backup-file itself.
Due to improper input - validation of this input field, an attacker
could permanently inject arbitrary code with required user interaction
into the context of the firewall-interface. Successful exploitation of
the vulnerability allows for example cookie theft, session hijacking or
server side context manipulation.
5. PROOF-OF-CONCEPT (CODE / EXPLOIT)
An attacker needs to force the victim to import an arbitrary
backup-file. The victim does not need to apply the backup, only the
import is required to exploit the vulnerability.
For further information (screenshots, PoCs etc.) visit:
Update to v8.305.
7. REPORT TIMELINE
2012-05-12: Initial notification sent to vendor
2012-05-12: Vendor response
2012-05-12: Vulnerability details reported to vendor
2012-05-15: Vendor acknowledgement
2012-05-31: Vendor releases Update / Fix
2012-06-10: Coordinated public release of advisory
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/