[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Directory Traversal Vulnerability in Viola DVR VIO-4/1000

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Directory Traversal Vulnerability in Viola DVR VIO-4/1000
From: by_argos@xxxxxxxxxxx
Date: 19 Apr 2011 21:30:16 -0000

==============================================================
   Viola DVR VIO-4/1000 - Directory Traversal Vulnerability
==============================================================

Software: Viola DVR VIO-4/1000 (other products may be affected)
Vendor: http://www.videcon.co.uk/
Vuln Type: Directory Traversal
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
Website: http://www.qsecure.com.cy
Discovered: 04/04/2011
Reported: 12/04/2011
Disclosed: 19/04/2011
Vendor's Response: None
Vulnerability Reference: 
http://www.qsecure.com.cy/advisories/dir_traversal_in_viola_dvr.html

VULNERABILITY DESCRIPTION:
==========================
The scripts "/cgi-bin/wappwd" and "/cgi-bin/wapopen" are prone to a 
directory-traversal vulnerability because they fail to properly sanitize 
user-supplied input in the "FILEFAIL" and "FILECAMERA" parameters respectively.

An attacker can exploit this vulnerability to retrieve arbitrary files from the 
vulnerable system in the context of the affected application. Information 
obtained may aid in further attacks.

Authentication is not required to exploit the vulnerability.

PoC Exploit:
============
/cgi-bin/wappwd?FILEFAIL=../../../etc/passwd
/cgi-bin/wapopen?FILECAMERA=../../../etc/passwd

Prev by Date: [USN-1116-1] Kerberos vulnerability
Next by Date: [SECURITY] [DSA 2220-1] Request Tracker security update
Previous by thread: [USN-1116-1] Kerberos vulnerability
Next by thread: [SECURITY] [DSA 2220-1] Request Tracker security update
Index(es):
- Date
- Thread