Snoopy CVE-2014-5009 Arbitrary Command Execution Vulnerability
BID:68783
Info
Snoopy CVE-2014-5009 Arbitrary Command Execution Vulnerability
| Bugtraq ID: | 68783 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-5009 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 21 2014 12:00AM |
| Updated: | Oct 26 2016 04:01AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Snoopy Snoopy 1.28 IBM PowerKVM 3.1 IBM PowerKVM 2.1 |
| Not Vulnerable: |
Snoopy Snoopy 1.29 |
Discussion
Snoopy CVE-2014-5009 Arbitrary Command Execution Vulnerability
Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.
An attacker may exploit this issue to execute arbitrary commands in the context of the vulnerable webserver.
Note: This issue is the result of an incomplete fix for the issue described in BID 68419 (Snoopy 'exec()' Arbitrary Command Execution Vulnerability).
Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.
An attacker may exploit this issue to execute arbitrary commands in the context of the vulnerable webserver.
Note: This issue is the result of an incomplete fix for the issue described in BID 68419 (Snoopy 'exec()' Arbitrary Command Execution Vulnerability).
Exploit / POC
Snoopy CVE-2014-5009 Arbitrary Command Execution Vulnerability
An attacker may exploit this issue using a web browser.
An attacker may exploit this issue using a web browser.
Solution / Fix
Snoopy CVE-2014-5009 Arbitrary Command Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Snoopy CVE-2014-5009 Arbitrary Command Execution Vulnerability
References:
References:
- Update Snoopy.class.inc #12 (Snoopy)
- Snoopy 1.29 Changelog (Snoopy)
- Snoopy Home Page (Snoopy)
- isg3T1024264: Security Bulletin: Vulnerabilities in nagios affect PowerKVM (IBM)