| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 May 2012 21:30:49 GMT From: bruk0ut.sec@...il.com To: bugtraq@...urityfocus.com Subject: Mapserver for Windows (MS4W) Remote Code Execution ------------------- 1) Overview Title: Mapserver for Windows (MS4W) Remote Code Execution Product: Mapserver for Windows (MS4W) Product URL: http://maptools.org/ms4w/ Vendor: Gateway Geomatics Affected Versions: <=3.0.4 through 2.0 Unaffected Versions: <2.0 CVE-ID: CVE-2012-2950 Vendor notified: 22/02/2012 Vendor fix: 26/05/2012 Severity: High Credit: Mike Arnold ------------------- 2) Product information (quoted from website) "The purpose of this package is to allow all levels of MapServer users to quickly install a working environment for MapServer development on Windows. It is also an environment for packaging and distributing MapServer applications." ------------------- 3) Advisory detail A vulnerability has been discovered in the base MS4W package where by an attacker can perform an LFI based attack and run arbitrary PHP code with SYSTEM level privileges. This vulnerability is present in MS4W installations with the default configuration. ------------------- 4) Proof of Concept An attacker can use basic TCP/IP tools (e.g netcat) and a web browser to achieve remote code execution. ------------------- 4) Solution Upgrade to version 3.0.6 http://maptools.org/ms4w/index.phtml?page=downloads.html ------------------- Mike Arnold: bruk0ut.sec .::at::. gmail com PGP Key ID: 0xC570B9F4
Powered by blists - more mailing lists