| VID |
21211 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Multi Router Traffic Grapher (MRTG) CGI has a directory traversal vulnerability.
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. The MRTG generates HTML pages containing graphical images which provide a LIVE visual representation of this traffic. Multi Router Traffic Grapher (MRTG) CGI scripts (current version is 2.9.17) allow a remote attacker to read arbitrary files on the web server with the privileges of the http daemon due to input validation error.
The scripts reported to be vulnerable include mrtg.cgi, traffic.cgi, 14all-1.1.cgi, and 14all.cgi. All affected scripts are reportedly exploited with the same query string (ie, the "cfg=" variable).
* Example URLs:
http://somehost/mrtg.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
http://www.target.com/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd |
| Recommendation |
No upgrade or patch available as of June 2014.
As a workaround, add the following line to the vulnerable scripts to filter suspect characters from the cfg parameter:
$input =~s/[(\.\.)|\/]//g; |
| Related URL |
CVE-2002-0232 (CVE) |
| Related URL |
4017 (SecurityFocus) |
| Related URL |
8062 (ISS) |
|
