Message-ID: <CAM-upGqmPCXxjQ4JL=hCk-E0pwRADZSMYNWodCTWeinJ0P8hHg@mail.gmail.com>
Date: Thu, 22 Oct 2020 06:46:06 -0400
From: Kevin R <krandall2013@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2020-24990 Q-SYS <= 8.2.1 TFTP Directory Traversal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [Suggested description]
> An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing
> the TFTP service running on UDP port 69, a remote attacker can perform
> a directory traversal and obtain operating system files via a TFTP
> GET request, as demonstrated by reading /etc/passwd or /proc/version.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Directory Traversal
>
> ------------------------------------------
>
> [Vendor of Product]
> QSC LLC
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Q-SYS Core Manager - Version 8.2.1
>
> ------------------------------------------
>
> [Affected Component]
> TFTP Service running on UDP port 69 allows for retrieval of arbitrary
> files through a TFTP GET request
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Remote while unauthenticated to the system
>
> ------------------------------------------
>
> [Reference]
> https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm
>
> ------------------------------------------
>
> [Discoverer]
> Kevin Randall

Use CVE-2020-24990.

- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


-- 
Kevin Randall

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
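
Added example, not part of the original message and not QSC's code: a defender-side check over TFTP read requests (RFC 1350 RRQ) that flags filenames resolving outside the served directory, the behaviour the advisory describes. The root path /srv/tftp, the function names and the sample datagrams are assumptions constructed for illustration.

```python
import posixpath
import struct

TFTP_ROOT = "/srv/tftp"  # assumed served directory, not from the advisory
RRQ = 1                  # RFC 1350 opcode for a read (GET) request

def parse_rrq(datagram: bytes):
    """Return (filename, mode) for a well-formed RRQ, else None."""
    if len(datagram) < 4:
        return None
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode != RRQ:
        return None
    # Layout: filename NUL mode NUL [options]; split yields >= 3 pieces.
    fields = datagram[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        return None
    return fields[0].decode("latin-1"), fields[1].decode("latin-1").lower()

def escapes_root(filename: str, root: str = TFTP_ROOT) -> bool:
    """True if the name resolves (lexically) outside the served directory."""
    name = filename.replace("\\", "/")
    # join() keeps an absolute name as-is, so /etc/passwd is judged literally.
    resolved = posixpath.normpath(posixpath.join(root, name))
    # A real server should also resolve symlinks before opening the file.
    return not (resolved == root or resolved.startswith(root + "/"))

def flag_requests(datagrams):
    """Return the filenames of read requests that leave the served directory."""
    flagged = []
    for payload in datagrams:
        request = parse_rrq(payload)
        if request and escapes_root(request[0]):
            flagged.append(request[0])
    return flagged

# Constructed UDP/69 payloads for illustration, not captured traffic.
SAMPLES = [
    b"\x00\x01firmware.bin\x00octet\x00",
    b"\x00\x01../../etc/passwd\x00octet\x00",
    b"\x00\x01/proc/version\x00netascii\x00",
    b"\x00\x01configs/../core.cfg\x00octet\x00",
    b"\x00\x02upload.bin\x00octet\x00",  # write request, ignored here
]

if __name__ == "__main__":
    for name in flag_requests(SAMPLES):
        print("outside TFTP root:", name)
```

The same escapes_root() test is what a TFTP server should apply before opening a requested file; run over logged or mirrored UDP/69 payloads it serves as a detection for this class of request.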
