SecurityTracker.com
Category:   Application (VoIP)  >   Alcatel-Lucent OmniPCX
Vendors:   Alcatel-Lucent
Alcatel OmniPCX Input Validation Flaw in 'FastJSData.cgi' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020082
SecurityTracker URL:  http://securitytracker.com/id/1020082
CVE Reference:   CVE-2008-1331
Date:  May 21 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): since release 210/061.1
Description:   A vulnerability was reported in Alcatel OmniPCX. A remote user can execute arbitrary code on the target system.

The '/cgi-data/FastJSData.cgi' script does not properly validate user-supplied data in the 'id2' parameter. A remote user can submit a specially crafted value to execute arbitrary code on the target system. The code will run with the privileges of the web service.

A demonstration exploit URL is provided:

http://[target]/cgi-data/FastJSData.cgi?id1=sh2kerr&id2=91|cat%20/etc/passwd

The vendor was notified on January 8, 2008.

Digital Security Research Group reported this vulnerability.
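
For defenders reviewing web server logs, the sketch below flags requests to the script named above whose decoded 'id2' value contains shell metacharacters. It is an added example, not code from SecurityTracker, DSecRG or the vendor; it assumes Apache/NCSA-style access-log lines, and the sample lines and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Path and parameter name are taken from the advisory.
VULN_PATH = "/cgi-data/FastJSData.cgi"
PARAM = "id2"
# Characters a POSIX shell treats as command separators or substitutions.
SHELL_META = re.compile(r"[|;&`$()<>\n\r]")
# Request field of an Apache/NCSA access-log line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_id2(target):
    """Return the decoded id2 value if it holds shell metacharacters, else None."""
    parts = urlsplit(target)
    if unquote_plus(parts.path) != VULN_PATH:
        return None
    # Split on '&' only, then decode, so an encoded or raw ';' stays in the value.
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == PARAM:
            decoded = unquote_plus(value)
            if SHELL_META.search(decoded):
                return decoded
    return None


def scan(lines):
    """Yield (client_ip, decoded id2) for each log line that matches."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        hit = suspicious_id2(m.group(1))
        if hit is not None:
            yield line.split(" ", 1)[0], hit


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2008:10:00:01 +0000] "GET /cgi-data/FastJSData.cgi?id1=7&id2=91 HTTP/1.1" 200 312',
    '198.51.100.7 - - [21/May/2008:10:00:05 +0000] "GET /cgi-data/FastJSData.cgi?id1=sh2kerr&id2=91|cat%20/etc/passwd HTTP/1.1" 200 1490',
    '198.51.100.7 - - [21/May/2008:10:00:09 +0000] "GET /cgi-data/FastJSData.cgi?id1=1&id2=91%3Bid HTTP/1.1" 200 80',
    '203.0.113.4 - - [21/May/2008:10:00:12 +0000] "GET /index.html?id2=a|b HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent id2={value!r}")
```

A hit only shows that a request was attempted; whether it succeeded depends on the installed release, so check matches against the fixed versions listed under Solution.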

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued fixed versions.

OXO210: upgrade to release 210/091.001

OXO310: upgrade to release 310/056.001

OXO410: upgrade to release 410/057.001

OXO510: upgrade to release 510/037.001

OXO600: upgrade to release 610/014.001

The vendor's advisory is available at:

http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm

Vendor URL:  www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  [DSECRG-08-020] Alcatel OmniPCX Office Remote Command Execution


Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-020


Application:                    Alcatel OmniPCX Office 
Versions Affected:              Alcatel OmniPCX Office since release 210/061.1 
Vendor URL:                     http://alcatel.com
Bugs:                           Remote command execution
Exploits:                       YES
Risk:                           High
CVSS Score:                     7.31
CVE-number:                     2008-1331
Reported:                       31.01.2008
Vendor response:                01.02.2008
Customers informed:             07.03.2008
Published on PSIRT:             01.04.2008
Date of Public Advisory:        21.05.2008
Author:                         Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)



Introduction
************

The OmniPCX Enterprise is an integrated communications solution for
medium-sized businesses and large corporations. It combines the best of
the old (legacy TDM phone connectivity) with the new (a native IP
platform and support for Session Initiation Protocol, or SIP) to provide
an effective and complete communications solution for cost-conscious
companies on the cutting edge.

(from the vendor's homepage)


Description
***********

Alcatel OmniPCX Office Web Interface has a critical security vulnerability: remote command execution.

The risk of this vulnerability is high. Any user who has access to the web interface of the OmniPCX Enterprise solution will
be able to execute arbitrary commands on the server with the permissions of the webserver.


Details
*******


A remote command execution vulnerability was found in the script /cgi-data/FastJSData.cgi, in the parameter named id2.
The variable id2 is not filtered when passed to the shell. Thus, arbitrary commands can be executed on
the server by adding them to the user variable, separated by semicolons.

You can find more details on this advisory on the vendor's website http://www1.alcatel-lucent.com/psirt/statements.htm
under reference 2008001



Example:


http://[server]/cgi-data/FastJSData.cgi?id1=sh2kerr&id2=91|cat%20/etc/passwd




Fix Information
***************

Alcatel was altered to fix this flaw on 01.04.2008. The updated version can be downloaded here:

http://www1.alcatel-lucent.com/enterprise/en/products/ip_telephony/omnipcxenterprise/index.html






About
*****

Digital Security is a leading IT security company in Russia, providing information security consulting, audit and penetration
testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards.
Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories
and whitepapers posted regularly on our website.


Contact:        research [at] dsec [dot] ru
                http://www.dsec.ru (in Russian)







 
 

