Cerberus FTP Server <= 5.0.5.1 Multiple XSS vulnerabilities

2012-12-19 / 2012-12-20
Credit: Ken
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2012-6339
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Overview =============== Cerberus FTP Server (http://www.cerberusftp.com/) is a secure and reliable FTP server with many features and available functionality. It was discovered that the Web Administration interface has multiple persistent Cross Site Scripting (XSS) vulnerabilities. In the log viewer there is a XSS vulnerability which may be used by an unauthenticated user against an authenticated user. In the server manager a trivial XSS vulnerability exists which may be used by the authenticated user. Analysis =============== To start, the vulnerabilities in the on the "/servermanger" page is trivial to exploit by escaping the "<textarea>" tags for each available server message. The "/log" is less trivial to exploit in that the log page uses async-javascript callbacks to collect and display log data to the user. The log clears itself in 2-3 seconds as well. This occurs normally on an 8 second cycle and I in my experience it was difficult to have the log populated with appropriate attack vectors during a window to achieve exploitation. I believe an administrative user would have to be logged in at the time of the attack and actively viewing the "/log" page to achieve successful exploitation. Due to these limitations I believe this to have a significant effect on the impact and reliability on any possible exploit code. For more discussion on these bugs I've created a brief write-up at: http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html Timeline =============== 12/05/2012 - Discovered multiple bugs in product vendor's application 12/06/2012 - Disclosure of details to product vendor 12/07/2012 - Vendor created fixes for reported bugs 12/13/2012 - CVE Assignment 12/19/2012 - Public disclosure to Bugtraq CVE(s) =============== CVE-2012-6339: Multiple XSS vulnerabilities in Cerberus FTP Web Administration interface. Affected pages are "/log" and "/servermanager". Remediation =============== Update to the latest version of Cerberus FTP Server. Special Thanks =============== Special Thanks to Grant Cerberus for his incredible response time and dedication to secure coding principles. For more information concerning myself or my research: sadgeeksinsnow.blogspot.com

References:

http://sadgeeksinsnow.blogspot.com/
http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top