SSD安全公告-vBulletin routestring未经验证的远程代码执行

漏洞概要
以下安全公告描述了在vBulletin5中发现的一个未经身份验证的文件包含漏洞,成功利用该漏洞可造成远程代码执行。

Continue reading SSD安全公告-vBulletin routestring未经验证的远程代码执行

SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution

Vulnerability Summary
The following advisory describes a unauthenticated file inclusion vulnerability that leads to remote code execution found in vBulletin version 5.

vBulletin, also known as vB, is a widespread proprietary Internet forum software package developed by vBulletin Solutions, Inc., based on PHP and MySQL database server. vBulletin powers many of the largest social sites on the web, with over 100,000 sites built on it, including Fortune 500 and Alexa Top 1M companies websites and forums. According to the latest W3Techs1 statistics, vBulletin version 4 holds more than 55% of the vBulletin market share, while version 3 and 5 divide the remaining percentage

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We tried to contact vBulletin since November 21 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.

Continue reading SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution

SSD Advisory – DblTek Multiple Vulnerabilities

Vulnerabilities summary
The following advisory describes 2 (two) vulnerabilities found in DblTek webserver.

DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 16, and 32-channel in order to meet the wide range of market demands. All our products are priced very attractively and probably the lowest in the market. Because of the price and performance, GoIPs have been widely adopted by system integrators, VoIP service providers, and many other business and individual users.”

The vulnerabilities found are:

  • Pre-authentication Information Disclosure
  • Command Execution

It is possible to combine the 2 vulnerabilities and gain unauthenticated remote command execution.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response

DblTek has released patches to address those vulnerabilities.

CVE-2017-16934

Continue reading SSD Advisory – DblTek Multiple Vulnerabilities

SSD Advisory – Sophos XG Firewall Path Traversal

Vulnerabilities Summary
The following advisory describe two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4.

Sophos XG Firewall provides “unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls”.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
The vendor has released patches to address this vulnerability:
“The patches were released as part of SFOS 16.05.5 MR5:
https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-16-05-5-mr5-released

Our internal bug number was NC-18958, mentioned in the changelog”

CVE: CVE-2017-12854

Continue reading SSD Advisory – Sophos XG Firewall Path Traversal