[Wien] (security) Fwd: [SA40337] Ubiquiti NanoStation Shell Command Injection Vulnerability

L. Aaron Kaplan (spam-protected)
Di Jul 6 15:13:34 CEST 2010 

Achtung! 
Das betrifft alle hier, die die Nanostation direkt mit AirOS betreiben!



Begin forwarded message:

> From: Secunia Security Advisories <(spam-protected)>
> Date: July 6, 2010 3:07:13 AM GMT+02:00
> To: (spam-protected)
> Subject: [SA40337] Ubiquiti NanoStation Shell Command Injection Vulnerability
> 
> 
(...)
> VERIFY ADVISORY:
> Secunia.com
> http://secunia.com/advisories/40337/
> Customer Area (Credentials Required)
> https://ca.secunia.com/?page=viewadvisory&vuln_id=40337
> 
> RELEASE DATE:
> 2010-07-06
> 
> DISCUSS ADVISORY:
> http://secunia.com/advisories/40337/#comments
> 
> AVAILABLE ON SITE AND IN CUSTOMER AREA:
> * Last Update
> * Popularity
> * Comments
> * Criticality Level
> * Impact
> * Where
> * Solution Status
> * Operating System / Software
> * CVE Reference(s)
> 
> http://secunia.com/advisories/40337/
> 
> ONLY AVAILABLE IN CUSTOMER AREA:
> * Authentication Level
> * Report Reliability
> * Secunia PoC
> * Secunia Analysis
> * Systems Affected
> * Approve Distribution
> * Remediation Status
> * Secunia CVSS Score
> * CVSS
> 
> https://ca.secunia.com/?page=viewadvisory&vuln_id=40337
> 
> 
(...)
> 
> DESCRIPTION:
> A vulnerability has been reported in Ubiquiti NanoStation, which can
> be exploited by malicious users to compromise a vulnerable system.
> 
> Input passed via the "ifname" parameter to stainfo.cgi in the web
> management interface is not properly sanitised before being used as a
> command line argument. This can be exploited to inject arbitrary shell
> commands.
> 
> The vulnerability is reported in NanoStation5 running AirOS.
> 
> SOLUTION:
> Reportedly fixed firmware has been released. Contact the vendor for
> further information.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Emanuele 'emgent' Gentili
> 
> ORIGINAL ADVISORY:
> http://www.exploit-db.com/exploits/14146/
> 
> OTHER REFERENCES:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
> 
> DEEP LINKS:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
> 
> EXTENDED DESCRIPTION:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
> 
> EXTENDED SOLUTION:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
> 
> EXPLOIT:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
> 
> ----------------------------------------------------------------------
> (...)


--
L. Aaron Kaplan
http://www.cert.at
(spam-protected)
Tel: +43 1 505 64 16 / 78

Mehr Informationen über die Mailingliste Wien