Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting

2012-06-11 / 2012-06-13

Credit: Inshell Security

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2012-3238

CWE: CWE-79

Ogólna skala CVSS: 4.3/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 8.6/10

Wymagany dostęp: Zdalny

Złożoność ataku: Średnia

Autoryzacja: Nie wymagana

Wpływ na poufność: Brak

Wpływ na integralność: Częściowy

Wpływ na dostępność: Brak

Inshell Security Advisory
http://www.inshell.net/
1. ADVISORY INFORMATION
-----------------------
Product: Astaro Security Gateway
Vendor URL: www.astaro.com / www.sophos.com
Type: Cross-site Scripting [CWE-79]
Date found: 2012-05-11
Date published: 2012-06-10
CVSSv2 Score: 3,5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE: CVE-2012-3238
2. CREDITS
----------
This vulnerability was discovered and researched by Julien Ahrens from
Inshell Security.
3. VERSIONS AFFECTED
--------------------
Astaro Security Gateway v8.304, older versions are affected too.
4. VULNERABILITY DESCRIPTION
----------------------------
A Persistent Cross-Site Scripting Vulnerability has been found on the
Astaro Security Gateway product.
The vulnerability is located in the backup-function of the software:
Vulnerable Module(s):
+Management -> Backup/Restore
Parameter: "Comment (optional)"
The input field "Comment (optional)" is shown on the "Available backups"
view after successful creation of a new backup and is also included into
the backup-file itself.
Due to improper input - validation of this input field, an attacker
could permanently inject arbitrary code with required user interaction
into the context of the firewall-interface. Successful exploitation of
the vulnerability allows for example cookie theft, session hijacking or
server side context manipulation.
5. PROOF-OF-CONCEPT (CODE / EXPLOIT)
------------------------------------
An attacker needs to force the victim to import an arbitrary
backup-file. The victim does not need to apply the backup, only the
import is required to exploit the vulnerability.
For further information (screenshots, PoCs etc.) visit:
http://security.inshell.net/advisory/27
6. SOLUTION
-----------
Update to v8.305.
7. REPORT TIMELINE
------------------
2012-05-12: Initial notification sent to vendor
2012-05-12: Vendor response
2012-05-12: Vulnerability details reported to vendor
2012-05-15: Vendor acknowledgement
2012-05-31: Vendor releases Update / Fix
2012-06-10: Coordinated public release of advisory
8. REFERENCES
-------------
http://www.astaro.com/en-uk/blog/up2date/8305
http://security.inshell.net

Referencje:

http://www.astaro.com/en-uk/blog/up2date/8305

http://security.inshell.net

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.