Title:
======
Pandora FMS v4.0.1 - Local File Include Vulnerability


Date:
=====
2012-02-17


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=435


VL-ID:
=====
435


Introduction:
=============
Pandora FMS is a monitoring Open Source software. It watches your systems and applications, and allows you to
know the status of any element of those systems. Pandora FMS could detect a network interface down, a defacement
in your website, a memory leak in one of your server applications, or the movement of any value of the NASDAQ
new technology market.

* Detect new systems in network.
* Checks for availability or performance.
* Raise alerts when something goes wrong.
* Allow to get data inside systems with its own lite agents (for almost every Operating System).
* Allow to get data from outside, using only network probes. Including SNMP.
* Get SNMP Traps from generic network devices.
* Generate real time reports and graphics.
* SLA reporting.
* User defined graphical views.
* Store data for months, ready to be used on reporting.
* Real time graphs for every module.
* High availability for each component.
* Scalable and modular architecture.
* Supports up to 2500 modules per server.
* User defined alerts. Also could be used to react on incidents.
* Integrated incident manager.
* Integrated DB management: purge and DB compaction.
* Multiuser, multi profile, multi group.
* Event system with user validation for operation in teams.
* Granularity of accesses and user profiles for each group and each user.
* Profiles could be personalized using up to eight security attributes without limitation on groups or profiles.

Pandora FMS runs on any operating system, with specific agents for each platform, gathering data and sending it to a
server. It has specific agents for GNU/Linux, AIX, Solaris, HP-UX, BSD/IPSO, and Windows 2000, XP and 2003.

(Copy of the Vendor Homepage: http://pandorafms.org/index.php?sec=project&sec2=home&lang=en)


Abstract:
=========
The Vulnerability-Lab team discovered a file include vulnerability in the Pandora FMS Monitoring Application v4.0.1.


Report-Timeline:
================
2012-02-01: Vendor Notification
2012-02-17: Public or Non-Public Disclosure


Status:
========
Published


Affected Products:
==================
Pandora FMS
Product: UTM Firewall Appliance Application v4.0.1


Exploitation-Technique:
=======================
Local


Severity:
=========
High


Details:
========
A local file include vulnerability has been detected in the Pandora FMS Monitoring Application Service v4.0.1.
The vulnerability allows an attacker to request local system or application files (example: module files) through
the affected parameter. Successful exploitation can result in DBMS or service/appliance/application compromise via
the file include vulnerability.

Vulnerable Module(s):
                     [+] Services&Sec2=

Affected Version(s):
                     [+] Pandora FMS Monitoring v4.0.1


Picture(s):
                     ../1.png
                     ../2.png


Proof of Concept:
=================
The vulnerability can be exploited by a remote attacker with a privileged user account. For demonstration or to reproduce ...

http://[SERVER].[COM]/[PANDORA PATH]/[INDEX].[PHP]?sec=services&sec2=[FILE INCLUDE VULNERABILITY!]
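As an added, defender-side example that is not part of the advisory or of Pandora FMS: a small Python scanner that parses web server access log lines and flags requests to index.php whose sec2 parameter carries a value that cannot be a legitimate module name (directory traversal, an absolute path, a null byte or a stream wrapper). The log lines, IP addresses and module names below are constructed for the example; the real Pandora FMS module names and its internal handling of sec2 are assumptions, not taken from the page.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Common Log Format lines for the example; the IPs, paths and
# module names are made up and are not Pandora FMS's real module names.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Feb/2012:10:01:02 +0000] "GET /pandora/index.php?sec=services&sec2=operation/example_page HTTP/1.1" 200 5120
10.0.0.7 - - [17/Feb/2012:10:01:09 +0000] "GET /pandora/index.php?sec=services&sec2=../../etc/passwd HTTP/1.1" 200 1822
10.0.0.7 - - [17/Feb/2012:10:01:15 +0000] "GET /pandora/index.php?sec=services&sec2=%252e%252e%2Fconfig HTTP/1.1" 200 900
10.0.0.9 - - [17/Feb/2012:10:02:00 +0000] "GET /pandora/index.php?sec=services&sec2=/etc/hostname HTTP/1.1" 200 60
10.0.0.9 - - [17/Feb/2012:10:02:30 +0000] "GET /pandora/images/logo.png HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def suspicious_sec2(value: str) -> Optional[str]:
    """Return why a sec2 value looks like include-path abuse, or None if it looks benign."""
    # parse_qs already decoded once; decode again to catch double-encoded traversal.
    decoded = unquote(value)
    if "\x00" in decoded:
        return "null byte"
    if decoded.startswith("/") or re.match(r"^[A-Za-z]:[\\/]", decoded):
        return "absolute path"
    if ".." in decoded.replace("\\", "/").split("/"):
        return "directory traversal"
    if re.match(r"^[a-z][a-z0-9+.-]*://", decoded, re.IGNORECASE):
        return "stream wrapper"
    return None


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per index.php request whose sec2 parameter is suspicious."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/index.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("sec2", []):
            reason = suspicious_sec2(value)
            if reason:
                findings.append({"ip": m["ip"], "ts": m["ts"], "sec2": value,
                                 "reason": reason, "status": int(m["status"])})
    return findings
```

A 200 status on a flagged request is the signal to escalate, since an include that fails usually returns an error or an empty page instead.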
Risk:
=====
The security risk of the local path include vulnerability is estimated as high(-).


Credits:
========
Vulnerability Research Laboratory - Ucha Gobejishvili (longrifle0x)


Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012 | Vulnerability-Lab


----------- + VIDEO ;)

Title:
======
Pandora FMS Monitoring - File Include Vulnerability VD


Date:
=====
2012-02-17


References:
===========
Download: http://www.vulnerability-lab.com/resources/videos/438.wmv
View: http://www.youtube.com/watch?v=WAkW1x_gSCw


VL-ID:
=====
438


Status:
========
Published


Exploitation-Technique:
=======================
Offensive


Severity:
=========
High


Details:
========
The video shows a live exploitation session on the Pandora FMS monitoring web application v4.0.1.
The session was recorded by the famous young longrifle0x alias Ucha G. and explains how to identify a local file include vulnerability.


Credits:
========
Vulnerability Research Laboratory - Ucha G. (longrifle0x)


Disclaimer:
===========
The information provided in this video is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012 | Vulnerability-Lab


--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com