| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Oct 2020 06:46:06 -0400 From: Kevin R <krandall2013@...il.com> To: fulldisclosure@...lists.org Subject: [FD] CVE-2020-24990 Q-SYS <= 8.2.1 TFTP Directory Traversal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > [Suggested description] > An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing > the TFTP service running on UDP port 69, a remote attacker can perform > a directory traversal and obtain operating system files via a TFTP > GET request, as demonstrated by reading /etc/passwd or /proc/version. > > ------------------------------------------ > > [Vulnerability Type] > Directory Traversal > > ------------------------------------------ > > [Vendor of Product] > QSC LLC > > ------------------------------------------ > > [Affected Product Code Base] > Q-SYS Core Manager - Version 8.2.1 > > ------------------------------------------ > > [Affected Component] > TFTP Service running on UDP port 69 allows for retrieval of arbitrary files through a TFTP GET request > > ------------------------------------------ > > [Attack Type] > Remote > > ------------------------------------------ > > [Impact Information Disclosure] > true > > ------------------------------------------ > > [Attack Vectors] > Remote while unauthenticated to the system > > ------------------------------------------ > > [Reference] > https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm > > ------------------------------------------ > > [Discoverer] > Kevin Randall Use CVE-2020-24990. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJfSxDzAAoJEPNX0OmQPkAIU6QP/3XYuB5gkkSYni0mNCr0YHd4 2Y0U0I/ys/18TwlSrleFxFpbvftEVJ5AMF8h2wxdWOQIUUfO+H9nyzn8SPtczjA1 0UQaGAVXaStWpEjfEa6Q/yCo0Vs/VcmC9kZMFlXafWO4NL62ebJJkJpN+YuePo2q c549Yz6r4KwqhQg92rkd/LsW9n4KS0SBiedN4s8BAqE5N6YSmGO1/y89oeem/UCX qBR1yp0b7ji/FYSJZ96ERn5jcrEhz4SlybIsplT141NZKip0JiUHWTySNGo3vawH gs5hrZHfSv+vIICNB4PhLlrjZYF0l3oyOjTexkTEAb8FebQDZ/Q2WyMfWmetih1V 6JHg5WGwWiI9p8M5BYR1MjtIZi7cVSwHam6oCMio8stsSaObZRYRjG9ad9lu1B48 JxI7xZIjlpAU/lO6vzWIsoGpIPZtPrZD9cqen4FrDZSW2Peezv2AWocmG7wRAPPo q+W2tQitsuXFrBo8dGnwklQk5TjA/rKRTEV+A3BsSFXqCsG+NEcZb0LaTwuRsVyI tRaO59zsuMgMy4g8JNHri+yOYSf++yUeaAPffTLMuBbfJYU5NYKq9QVG5tHVtc8t vXWz848rvXw+tFEW7B1oGp05HwF0X22/y2kdxuFVvFyYSodbYSOmdjbmbTHBbn4a 0w2kvZkGMiKcZsOKowWI =7DTq -----END PGP SIGNATURE----- -- Kevin Randall _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists