what you don't know can hurt you

Astaro Security Gateway Cross Site Scripting

Astaro Security Gateway Cross Site Scripting
Posted Jun 12, 2012
Authored by Julien Ahrens

Astaro Security Gateway suffers from a backup related cross site scripting vulnerability. Version 8.304 is affected.

tags | advisory, xss
advisories | CVE-2012-3238
MD5 | ea9e06da089620a616f5106692cb021d

Astaro Security Gateway Cross Site Scripting

Change Mirror Download
Inshell Security Advisory
http://www.inshell.net/


1. ADVISORY INFORMATION
-----------------------
Product: Astaro Security Gateway
Vendor URL: www.astaro.com / www.sophos.com
Type: Cross-site Scripting [CWE-79]
Date found: 2012-05-11
Date published: 2012-06-10
CVSSv2 Score: 3,5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE: CVE-2012-3238


2. CREDITS
----------
This vulnerability was discovered and researched by Julien Ahrens from
Inshell Security.


3. VERSIONS AFFECTED
--------------------
Astaro Security Gateway v8.304, older versions are affected too.


4. VULNERABILITY DESCRIPTION
----------------------------
A Persistent Cross-Site Scripting Vulnerability has been found on the
Astaro Security Gateway product.

The vulnerability is located in the backup-function of the software:

Vulnerable Module(s):
+Management -> Backup/Restore
Parameter: "Comment (optional)"

The input field "Comment (optional)" is shown on the "Available backups"
view after successful creation of a new backup and is also included into
the backup-file itself.

Due to improper input - validation of this input field, an attacker
could permanently inject arbitrary code with required user interaction
into the context of the firewall-interface. Successful exploitation of
the vulnerability allows for example cookie theft, session hijacking or
server side context manipulation.


5. PROOF-OF-CONCEPT (CODE / EXPLOIT)
------------------------------------
An attacker needs to force the victim to import an arbitrary
backup-file. The victim does not need to apply the backup, only the
import is required to exploit the vulnerability.

For further information (screenshots, PoCs etc.) visit:
http://security.inshell.net/advisory/27


6. SOLUTION
-----------
Update to v8.305.


7. REPORT TIMELINE
------------------
2012-05-12: Initial notification sent to vendor
2012-05-12: Vendor response
2012-05-12: Vulnerability details reported to vendor
2012-05-15: Vendor acknowledgement
2012-05-31: Vendor releases Update / Fix
2012-06-10: Coordinated public release of advisory


8. REFERENCES
-------------
http://www.astaro.com/en-uk/blog/up2date/8305
http://security.inshell.net

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close