VID 22124
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description Directory Manager allows a remote attacker to execute arbitrary commands.
Directory Manager, developed by Vibechild, is an application used to manage LDAP directory data. The 'edit_image.php' script in Directory Manager before version 0.91 has a serious security flaw that allows a remote attacker to execute commands on a host running the software with the privileges of the web server user.
The flaw is an input validation error: the script fails to filter shell metacharacters in the userfile_name parameter before it is passed to PHP's passthru() function.
This vulnerability may lead to the disclosure of sensitive data on, or the compromise of, a vulnerable host.

For instance, you can test for this flaw by sending an HTTP request such as the following:
http://target_host/edit_image.php?dn=1&userfile=/etc/passwd&userfile_name=%20;ls;%20
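
To look for such requests in web server access logs, the following added example (not part of the original advisory or of Directory Manager) flags requests to edit_image.php whose decoded userfile_name value contains shell metacharacters. The log lines, the /dm/ path and the function names are constructed for illustration, and only parameters visible in the logged query string are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a POSIX shell treats specially; an image file name needs none of them.
SHELL_META = set(";|&`$<>(){}\n\r\\'\"")
# Request part of a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, assumed /dm/ install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /dm/edit_image.php?dn=1&userfile=photo.jpg&userfile_name=photo.jpg HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2002:10:00:05 +0000] "GET /dm/edit_image.php?dn=1&userfile=/etc/passwd&userfile_name=%20;ls;%20 HTTP/1.0" 200 2048',
    '192.0.2.44 - - [01/Jan/2002:10:00:09 +0000] "GET /dm/edit_image.php?dn=1&userfile_name=x.jpg%3Bls HTTP/1.0" 200 300',
    '192.0.2.10 - - [01/Jan/2002:10:00:12 +0000] "GET /dm/index.php?q=a;b HTTP/1.0" 200 100',
]

def suspicious_userfile_name(log_line):
    """Return the decoded userfile_name if the line is a request to
    edit_image.php carrying shell metacharacters in it, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/edit_image.php"):
        return None
    # Split on '&' only, so a literal ';' stays inside the value; parse_qs
    # percent-decodes, so %3B and ';' are treated alike.
    params = parse_qs(target.query, keep_blank_values=True, separator="&")
    for value in params.get("userfile_name", []):
        if SHELL_META & set(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded value) for every flagged log entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_userfile_name(line)
        if value is not None:
            hits.append((n, value))
    return hits

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: userfile_name={value!r}")
```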

* References:
http://online.securityfocus.com/bid/3288
http://www.iss.net/security_center/static/7079.php
Recommendation Upgrade to the latest version (0.91 or later) of Directory Manager, available from the SourceForge Web site: http://sourceforge.net/project/shownotes.php?release_id=51589
Related URL CVE-2001-1020 (CVE)