Family: CGI abuses --> Category: infos
WebAdmin < 3.2.5 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary: Checks version of WebAdmin
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI application that is affected by
multiple issues.
Description :
The remote host is running WebAdmin, a web-based remote administration
tool for Alt-N MDaemon.
According to its banner, the installed version of WebAdmin fails to
properly filter directory traversal sequences from the 'file'
parameter of the 'logfile_view.wdm' and 'configfile_view.wdm' scripts.
A global administrator can leverage this issue to read and write
arbitrary files on the affected host, subject to the rights of the
web server user id, which is LOCAL SYSTEM when WebAdmin's internal
web server is used.
In addition, the affected application also reportedly allows a domain
administrator to edit the account of a global administrator, which can
be leveraged to log in as the global administrator by changing that
account's password.
See also :
http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048959.html
http://lists.altn.com/WebX?50@813.igqdaKNhCRb.0@.eeb9cff
Solution :
Upgrade to WebAdmin 3.2.5 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)