[Wien] (security) Fwd: [SA40337] Ubiquiti NanoStation Shell Command Injection Vulnerability
L. Aaron Kaplan
(spam-protected)
Tue Jul 6 15:13:34 CEST 2010
Attention!
This affects everyone here who runs the NanoStation directly with AirOS!
Begin forwarded message:
> From: Secunia Security Advisories <(spam-protected)>
> Date: July 6, 2010 3:07:13 AM GMT+02:00
> To: (spam-protected)
> Subject: [SA40337] Ubiquiti NanoStation Shell Command Injection Vulnerability
>
>
(...)
> VERIFY ADVISORY:
> Secunia.com
> http://secunia.com/advisories/40337/
> Customer Area (Credentials Required)
> https://ca.secunia.com/?page=viewadvisory&vuln_id=40337
>
> RELEASE DATE:
> 2010-07-06
>
> DISCUSS ADVISORY:
> http://secunia.com/advisories/40337/#comments
>
> AVAILABLE ON SITE AND IN CUSTOMER AREA:
> * Last Update
> * Popularity
> * Comments
> * Criticality Level
> * Impact
> * Where
> * Solution Status
> * Operating System / Software
> * CVE Reference(s)
>
> http://secunia.com/advisories/40337/
>
> ONLY AVAILABLE IN CUSTOMER AREA:
> * Authentication Level
> * Report Reliability
> * Secunia PoC
> * Secunia Analysis
> * Systems Affected
> * Approve Distribution
> * Remediation Status
> * Secunia CVSS Score
> * CVSS
>
> https://ca.secunia.com/?page=viewadvisory&vuln_id=40337
>
>
(...)
>
> DESCRIPTION:
> A vulnerability has been reported in Ubiquiti NanoStation, which can
> be exploited by malicious users to compromise a vulnerable system.
>
> Input passed via the "ifname" parameter to stainfo.cgi in the web
> management interface is not properly sanitised before being used as a
> command line argument. This can be exploited to inject arbitrary shell
> commands.
>
> The vulnerability is reported in NanoStation5 running AirOS.
>
> SOLUTION:
> Reportedly fixed firmware has been released. Contact the vendor for
> further information.
>
> PROVIDED AND/OR DISCOVERED BY:
> Emanuele 'emgent' Gentili
>
> ORIGINAL ADVISORY:
> http://www.exploit-db.com/exploits/14146/
>
> OTHER REFERENCES:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
>
> DEEP LINKS:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
>
> EXTENDED DESCRIPTION:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
>
> EXTENDED SOLUTION:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
>
> EXPLOIT:
> Further details available in Customer Area:
> http://secunia.com/products/corporate/EVM/
>
> ----------------------------------------------------------------------
> (...)
--
L. Aaron Kaplan
http://www.cert.at
(spam-protected)
Tel: +43 1 505 64 16 / 78
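
Added example, not part of the original e-mail or the Secunia advisory: one way a CGI handler can treat a parameter such as "ifname" before it reaches a command line, by checking it against a strict allow-list and handing it to an exec-family call as a single argv element instead of building a shell string. The helper path and the function names are hypothetical; the actual AirOS code is not shown on this page.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IFNAME_MAX 15 /* Linux IFNAMSIZ is 16, including the terminating NUL */

/* Return 1 only for a plausible interface name: 1..15 characters, first one
 * a letter (so the value can never be read as an option such as "-h"), the
 * rest letters, digits, '.', '_' or '-'. Shell metacharacters, whitespace
 * and path separators are all rejected because they are not on the list. */
int ifname_is_safe(const char *s)
{
    size_t n, i;

    if (s == NULL)
        return 0;
    n = strlen(s);
    if (n == 0 || n > IFNAME_MAX)
        return 0;
    if (!isalpha((unsigned char)s[0]))
        return 0;
    for (i = 1; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Fill argv for execv(): no shell is involved, so the interface name stays
 * one argument. Returns 0 on success, -1 if the name is rejected. */
int build_argv(const char *ifname, const char *argv[4])
{
    if (!ifname_is_safe(ifname))
        return -1;
    argv[0] = "/usr/bin/station-helper"; /* hypothetical helper binary */
    argv[1] = ifname;
    argv[2] = "list";
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    const char *argv[4];
    const char *samples[] = { "ath0", "ath0;id", "-h", "" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %s\n", samples[i],
               build_argv(samples[i], argv) == 0 ? "accepted" : "rejected");
    return 0;
}
```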