Secunia Security Advisory - Secunia Research has discovered a vulnerability in Akamai Red Swoosh client, which can be exploited by malicious people to conduct cross-site request forgery attacks and compromise a user's system.
----------------------------------------------------------------------
TITLE:
Akamai Red Swoosh Client Cross-Site Request Forgery
SECUNIA ADVISORY ID:
SA30135
VERIFY ADVISORY:
http://secunia.com/advisories/30135/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Akamai Red Swoosh Client
http://secunia.com/product/18627/
DESCRIPTION:
Secunia Research has discovered a vulnerability in Akamai Red Swoosh
client, which can be exploited by malicious people to conduct
cross-site request forgery attacks and compromise a user's system.
The Red Swoosh client implements a web server listening on port
9421/TCP on the loopback interface for management commands.
Authorisation based on the HTTP "referer" header can be bypassed to
initiate arbitrary URLs to be downloaded and executed.
The Red Swoosh client can be installed manually by visiting the
Akamai website. However, it may also be silently installed by the
Akamai Download Manager.
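The following is an added illustration, not part of the Secunia advisory and not Red Swoosh code: it contrasts a Referer-only authorisation decision with a hardened check for a loopback management server on port 9421. The advisory does not describe the client's actual check or how it was bypassed, so `referer_only_check`, `TRUSTED_ORIGIN`, the `X-Mgmt-Token` header and the per-install token are all assumptions made for the example.

```python
import hmac
import secrets

MGMT_PORT = 9421  # loopback management port named in the advisory
ALLOWED_HOSTS = {f"127.0.0.1:{MGMT_PORT}", f"localhost:{MGMT_PORT}"}
TRUSTED_ORIGIN = "https://manager.example"  # hypothetical controlling page


def referer_only_check(headers):
    """Hypothetical weak check: the decision rests on one optional header."""
    referer = headers.get("Referer")
    return referer is None or referer.startswith(TRUSTED_ORIGIN + "/")


def hardened_check(headers, install_token):
    """Authorise a management command sent to the loopback server."""
    # 1. Host must name the loopback listener itself.
    if headers.get("Host") not in ALLOWED_HOSTS:
        return False
    # 2. If a browser supplies Origin, it must match exactly.
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False
    # 3. Require the per-install secret; a cross-site page cannot read it.
    presented = headers.get("X-Mgmt-Token", "")  # hypothetical header name
    return hmac.compare_digest(presented.encode(), install_token.encode())


def demo():
    token = secrets.token_urlsafe(32)  # created at install time, kept locally
    host = f"127.0.0.1:{MGMT_PORT}"
    # Constructed request headers, not captured traffic.
    bare = {"Host": host}
    cross_site = {"Host": host, "Origin": "https://other.test"}
    legit = {"Host": host, "Origin": TRUSTED_ORIGIN, "X-Mgmt-Token": token}
    return {
        "weak_accepts_bare": referer_only_check(bare),
        "hardened_accepts_bare": hardened_check(bare, token),
        "hardened_accepts_cross_site": hardened_check(cross_site, token),
        "hardened_accepts_legit": hardened_check(legit, token),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened check fails closed: a request is honoured only when it carries a secret that the requesting page could not have obtained, so the decision no longer depends on a header the browser may omit.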
SOLUTION:
Update to version 3333.
Windows:
http://www.akapult.net/install/bin/rswin_3333.dll
MacOS:
http://www.akapult.net/install/bin/rsmac_3333
Linux:
http://www.akapult.net/install/bin/rslin_3333
PROVIDED AND/OR DISCOVERED BY:
Dyon Balding, Secunia Research.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-19/
----------------------------------------------------------------------