|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com
Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com |
|
|
Home SecurityAlert Database |
|
|
Topic : | BitDefender Update Server - Unauthorized Remote File Access Vulnerability
|
SecurityAlert : 3568
CVE : CVE-2008-0396
SecurityRisk : Medium (About)
Remote Exploit : Yes
Local Exploit : Yes
Exploit Given : Yes
Credit : oliver karow
Published : 23.01.2008
Affected Software : | BitDefender Update Server |
 Advisory Text : BitDefender Update Server - Unauthorized Remote File Access Vulnerability
====================================================
* Affected Products:
- BitDefender Security for Fileservers
- BitDefender Enterprise Manager (BDEM)
- All BitDefender Products, using their internal update server product
* Discovered by: Oliver Karow
http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file
-access-vulnerability/
* Vulnerable platform: Windows
* Vulnerable Version: N/A
Product/Company-Information:
=====================
- From Bitdefender's web site:
"BitDefenderT provides security solutions to satisfy the protection
requirements of today's computing environment, delivering effective threat
management for over 41 million home and corporate users in more than 100
countries. BitDefender, a division of SOFTWIN, is headquartered in
Bucharest, Romania and has offices in Tettnang, Germany, Barcelona, Spain
and Fort Lauderdale (FL), USA.
.....The Update Server allows you to set up an upgrade location within your
local network. This way you needn't worry about updating the products
installed on computers that are not connected to the Internet, achieving,
at the same time, faster updates and reduced
Internet traffic. The BitDefender Update Server is easy to configure
through an intuitive step by step wizard. It will help you get the latest
updates for all BitDefender products."
Vulnerability / Exploit
===============
The Update Server, which is part of several of BitDefender's Enterprise
products, is running an Http-Daemon. The http.exe process is running with
localsystem privileges and is vulnerable to the plain old directory
traversal vulnerability. Thus it is possible to access files outside of the
applications root directory with the named privileges.
To exploit simply do an
echo -e "GET /../../boot.ini HTTP/1.0rnrn" | nc <server> <port>
or use your webbrowser :)
History:
======
* Date of Discovery: 07. Dec. 2007
* Mail to vendor: 16. Jan. 2008; security (at) bitdefender (dot) com [email
concealed]
* Response from Vendor: 18. Jan. 2008; Requesting me to open an account to
get access to BitDefender's Support :)
* Advisory Release: 19. Jan. 2008
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
|
|
|
|