Title:
======
Pandora FMS v4.0.1 - Local File Include Vulnerability


Date:
=====
2012-02-17


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=435


VL-ID:
=====
435


Introduction:
=============
Pandora FMS is Open Source monitoring software. It watches your systems and applications, and allows you to
know the status of any element of those systems. Pandora FMS could detect a network interface down, a defacement
in your website, a memory leak in one of your server applications, or the movement of any value of the NASDAQ
new technology market.

* Detect new systems in network.
* Checks for availability or performance.
* Raise alerts when something goes wrong.
* Allow to get data inside systems with its own lite agents (for almost every Operating System).
* Allow to get data from outside, using only network probes. Including SNMP.
* Get SNMP Traps from generic network devices.
* Generate real time reports and graphics.
* SLA reporting.
* User defined graphical views.
* Store data for months, ready to be used on reporting.
* Real time graphs for every module.
* High availability for each component.
* Scalable and modular architecture.
* Supports up to 2500 modules per server.
* User defined alerts. Also could be used to react on incidents.
* Integrated incident manager.
* Integrated DB management: purge and DB compaction.
* Multiuser, multi profile, multi group.
* Event system with user validation for operation in teams.
* Granularity of accesses and user profiles for each group and each user.
* Profiles could be personalized using up to eight security attributes without limitation on groups or profiles.

Pandora FMS runs on any operating system, with specific agents for each platform, gathering data and sending it to a
server. It has specific agents for GNU/Linux, AIX, Solaris, HP-UX, BSD/IPSO, and Windows 2000, XP and 2003.

(Copy of the Vendor Homepage: http://pandorafms.org/index.php?sec=project&sec2=home&lang=en)


Abstract:
=========
The Vulnerability-Lab Team discovered a File Include Vulnerability in the Pandora FMS Monitoring Application v4.0.1.


Report-Timeline:
================
2012-02-01: Vendor Notification
2012-02-17: Public or Non-Public Disclosure


Status:
========
Published


Affected Products:
==================
Pandora FMS
Product: UTM Firewall Appliance Application v4.0.1


Exploitation-Technique:
=======================
Local


Severity:
=========
High


Details:
========
A local File Include vulnerability was detected in the Pandora FMS Monitoring Application Service v4.0.1.
The vulnerability allows an attacker to request local system or application files (example: a module). Successful
exploitation can result in DBMS or service/appliance/application compromise via the file include vulnerability.

Vulnerable Module(s):

[+] Services&Sec2=

Affected Version(s):
[+] Pandora FMS Monitoring v4.0.1


Picture(s):
../1.png
../2.png


Proof of Concept:
=================
The vulnerability can be exploited by a remote attacker with a privileged user account. For demonstration or to reproduce ...


http://[SERVER].[COM]/[PANDORA PATH]/[INDEX].[PHP]?sec=services&sec2=[FILE INCLUDE VULNERABILITY!]


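A defender-side check for the `sec2` parameter named above, added here as an example and not code from the advisory or from Pandora FMS: an allow-list validator for the page selector, plus a scan over constructed access-log lines that flags requests whose `sec2` value fails it. It assumes that legitimate `sec2` values are extension-less relative paths of plain segments, a combined-format access log, and a placeholder `/pandora/` install path.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a legitimate sec2 value is an extension-less relative path of
# plain segments (e.g. "operation/example_module", a constructed placeholder).
SEC2_SEGMENT = re.compile(r"^[A-Za-z0-9_-]+$")

def sec2_is_safe(value: str) -> bool:
    """Allow-list check for the sec2 page selector.

    Rejects absolute paths, traversal, null bytes and URL schemes, and
    decodes twice first so double-encoded variants are judged the same way.
    """
    decoded = unquote(unquote(value))
    if "\x00" in decoded or decoded.startswith(("/", "\\")) or "://" in decoded:
        return False
    return all(SEC2_SEGMENT.match(seg) for seg in decoded.split("/"))

# Request field of a combined-format access log: "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def flag_lfi_attempts(log_lines):
    """Return (client_ip, sec2 value) for index.php requests that fail the allow-list."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/index.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("sec2", []):
            if not sec2_is_safe(value):
                hits.append((line.split()[0], value))
    return hits

# Constructed sample access-log lines (not from the advisory): one benign
# request, then traversal, double-encoded traversal and a null-byte attempt.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Feb/2012:10:00:01 +0000] "GET /pandora/index.php?sec=services&sec2=operation/example_module HTTP/1.1" 200 5120',
    '10.0.0.9 - - [17/Feb/2012:10:00:07 +0000] "GET /pandora/index.php?sec=services&sec2=../../../../etc/passwd HTTP/1.1" 200 2048',
    '10.0.0.9 - - [17/Feb/2012:10:00:12 +0000] "GET /pandora/index.php?sec=services&sec2=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 2048',
    '10.0.0.7 - - [17/Feb/2012:10:01:00 +0000] "GET /pandora/index.php?sec=services&sec2=/etc/passwd%00 HTTP/1.1" 500 311',
]

if __name__ == "__main__":
    for ip, value in flag_lfi_attempts(SAMPLE_LOG):
        print(f"suspicious sec2 from {ip}: {value!r}")
```

The same `sec2_is_safe` rule, ported to the application's own language, is the server-side fix: resolve `sec2` against a fixed list of page names rather than passing it to an include.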
Risk:
=====
The security risk of the local path include vulnerability is estimated as high(-).


Credits:
========
Vulnerability Research Laboratory - Ucha Gobejishvili (longrifle0x)


Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all
warranties, either expressed or implied, including the warranties of merchantability and capability for a particular
purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental,
consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised
of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential
or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partial
usage, of this file requires authorization from Vulnerability-Lab. Permission to electronically redistribute this alert
in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab
or its suppliers.

Copyright © 2012|Vulnerability-Lab


----------- + VIDEO ;)

Title:
======
Pandora FMS Monitoring - File Include Vulnerability VD


Date:
=====
2012-02-17


References:
===========
Download: http://www.vulnerability-lab.com/resources/videos/438.wmv
View: http://www.youtube.com/watch?v=WAkW1x_gSCw


VL-ID:
=====
438


Status:
========
Published


Exploitation-Technique:
=======================
Offensive


Severity:
=========
High


Details:
========
The video shows a live exploitation session on the Pandora FMS monitoring web application v4.0.1.
The session was recorded by the famous young longrifle0x, alias Ucha G., and explains how to identify a local file include vulnerability.


Credits:
========
Vulnerability Research Laboratory - Ucha G. (longrifle0x)


Disclaimer:
===========
The information provided in this video is provided as it is without any warranty. Vulnerability-Lab disclaims all
warranties, either expressed or implied, including the warranties of merchantability and capability for a particular
purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental,
consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised
of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential
or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partial
usage, of this file requires authorization from Vulnerability-Lab. Permission to electronically redistribute this alert
in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab
or its suppliers.

Copyright © 2012|Vulnerability-Lab

--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com