Welcome to e-playa where the spam bots run free
Kinetic IV
- Posts: 2977
- Joined: Sun Apr 03, 2005 7:34 pm
- Location: Kyiv, Ukraine as of 10/27/06
After doing some checking it may appear Mozy is right. We're seeing an assault in progress.
Source: http://secunia.com/advisories/17330/
Snoopy "_httpsrequest()" Shell Command Injection Vulnerability
Secunia Advisory: SA17330
Release Date: 2005-10-26
Last Update: 2005-11-08
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Snoopy 1.x
Description:
Daniel Fabian has discovered a vulnerability in Snoopy, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "_httpsrequest()" function isn't properly sanitised before being used in an "exec()" call. This can be exploited to inject arbitrary shell commands via a script calling the "fetch()" or "submit()" function with an URL controlled by the attacker.
This can also be exploited via a malicious server responding with a redirection to a specially crafted URL.
The vulnerability has been confirmed in version 1.2. Prior versions may also be affected.
Solution:
Update to version 1.2.3.
http://sourceforge.net/project/showfile ... up_id=2091
Provided and/or discovered by:
Daniel Fabian, SEC-CONSULT
Additional information provided by Florian Weimer.
Changelog:
2005-10-31: Added additional attack vector provided by Florian Weimer and increased criticality.
2005-11-07: Added link to original advisory.
2005-11-08: The vendor issues a new version to correctly fix the vulnerability.
Original Advisory:
SEC-CONSULT:
http://www.sec-consult.com/216.html
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Oh Spanky, where are you? If this keeps up and they exploit the 2 other holes I found while digging around on that site... kiss the eplaya goodbye for a while.
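The flaw class the quoted advisory describes (a URL reaching an "exec()" call unsanitised), shown beside a hardened form, as an added PHP example that is not part of the original post and is not Snoopy's code. The function names, the use of curl as the external fetch program, and the sample URLs are assumptions made for illustration; Unix shell quoting is assumed.

```php
<?php
// Added illustration, not Snoopy's source. Function names are hypothetical.
// The commands are only built and printed here, never executed.

// Pattern the advisory describes: a URL pasted into a shell command line.
function build_cmd_unsafe(string $url): string {
    return 'curl -s "' . $url . '"';
}

// Hardened form: allowlist the URL shape, then quote it as one shell argument.
function build_cmd_safe(string $url): string {
    // http/https only, and only characters RFC 3986 permits in a URI.
    $ok = '{\Ahttps?://[A-Za-z0-9._~:/?#\[\]@!$&\'()*+,;=%-]+\z}i';
    if (!preg_match($ok, $url)) {
        throw new InvalidArgumentException('URL rejected');
    }
    // Some shell-significant characters are legal in URLs, so validation
    // alone is not enough: escapeshellarg() keeps them literal.
    return 'curl -s ' . escapeshellarg($url);
}

// Constructed sample inputs (not taken from the advisory).
// A redirect Location value is attacker-influenced too, so it must pass
// through the same function before it is fetched.
$samples = [
    'direct URL'        => 'https://example.test/feed.xml?a=1&b=2',
    'quote breakout'    => 'https://example.test/";echo INJECTED;"',
    'redirect Location' => 'https://example.test/$(id)',
];

foreach ($samples as $label => $url) {
    echo "[$label]\n  unsafe: ", build_cmd_unsafe($url), "\n";
    try {
        echo '  safe:   ', build_cmd_safe($url), "\n";
    } catch (InvalidArgumentException $e) {
        echo '  safe:   ', $e->getMessage(), "\n";
    }
}
```

The second sample is rejected by the allowlist; the third passes it because every character is legal in a URL, and only the single-quoting from escapeshellarg() stops the shell from interpreting it.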