|
BadBlue Arbitrary Administrative Actions Vulnerability
|
|
Secunia Advisory:
|
SA8626
|
|
|
Release Date:
|
2003-04-21
|
|
Popularity:
|
4,700 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | BadBlue Personal Edition 1.x
BadBlue Personal Edition 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A vulnerability has been identified in BadBlue, which can be exploited by malicious people to perform arbitrary administrative actions on the server.
The vulnerability is caused due to an input validation error in the included ISAPI extension. A malicious person can exploit this to circumvent the access control to ".hts" files by appending the URL encoded representation of a space ("%20") followed by arbitrary arguments using the LoadPage command syntax to the end of the file extension of the requested file.
An example, which creates a "/root" virtual directory mapped to "\", was included in the original advisory:
http://[target]/ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
BadBlue version 2.15 and prior have been reported vulnerable.
Solution:
Update to version 2.16.
Personal Edition users may download this from:
http://www.badblue.com/down.htm
Enterprise Edition customers are advised to contact the vendor for an update.
Provided and/or discovered by:
Matthew Murphy
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
