» scansione con HP WebInspect

chakilda · 24-01-12, 11:06

Ciao a tutti vi chiedo una mano a capire se questi errori rilevati da uno scan fatto dal software HP WebInspect siano effettivamente errori critici o un bug di questo programma.
Premetto che la macchina è un server windows 2008 R2 con IIS7.5 con anche installato php e mysql.
Se secondo voi sono problemi mi fate sapere come risolverli, possibilmente con una piccola guida.

Critical Planet Intra Buffer Overflow
Summary:
Planet Intra Intranet solution is a communication and collaboration tool that tries to simplify the information-sharing process.
A buffer overflow vulnerability in Planet Intra allows remote execution of code.
Execution:
Vulnerable systems:
Planet Intra version 2.5 (for Windows, Linux and Solaris)
A buffer overflow (at least one, possibly more) exists in 'pi' binary that allows remote user to execute commands on the target
system. For example, a request like:
GET /cgi-bin/pi?page=document/show_file&id=(A x 10024)
Will trigger an overflow.
Fix:
Apparently a patch is available for this issue, but there was no official response or confirmation, and we are not aware if the
current version available for download . Check at
planetintra.com.

File Names: tuodominio.it:80/script/pi

Info2www Arbitrary Command Execution
Summary: The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web server, by passing commands as part
of a variable. Potential consequences of a successful exploitation involve anything the web server process has permissions to do, including possibly web site defacement.

Execution:
example.com/cgi-bin/info2www?(../../../../../../../../bin/mail recipient
Implication:
This vulnerability allows anyone to have full access, to perform whatever function that they wished on your machine. Using this vulnerability the intruder can 'squat' on this server collecting such sensitive data as user names, logins and passwords or other types of information that could be used for more serious crimes; if you are a financial institution and you allow your clients to bank on-line, the attacker can collect passwords, logins and account numbers and then transfer money out of their accounts).
This could also allow a malicious user or intruder to add, delete or modify user or company web pages on the web server which could include the defacement of the main website on the machine.
It would be easy to overwrite yourcompanies.com website with one that the hacker created, thus impacting business reputation or functionality and causing loss of company revenue or reputation.
Fix:
Version 1.2 of the script does not suffer from this issue.

Spero in una vostra risposta.
Grazie
Ciao

paolino · 24-01-12, 12:47

Ma quei servizi che lui dice essere vulnerabili sono effettivamente installati?

In questo caso l'unica cosa da fare è cercare su internet informazioni a riguardo e vedere se ci sono patch e installarle.

chakilda · 24-01-12, 12:56

Noooooooooo la cosa bella e' proprio questa!
E cioe' che non trovo traccia ne nella cartella FTP dove risiede il sito ne sull'intero server web di riferimenti a: info2www * o * planet intra * o * *pi.
Eppure questo software mi dice di aver trovato queste criticita' !

paolino · 24-01-12, 13:23

Lui dice che si trova in tuodominio.it:80/script/pi

Se non c'è, allora mi sa che questo software è un pò come il norton

24-01-12, 11:06	#1 (permalink)
chakilda User Data di registrazione: Oct 2010 Ubicazione: Bari Messaggi: 74	scansione con HP WebInspect - HELP Ciao a tutti vi chiedo una mano a capire se questi errori rilevati da uno scan fatto dal software HP WebInspect siano effettivamente errori critici o un bug di questo programma. Premetto che la macchina è un server windows 2008 R2 con IIS7.5 con anche installato php e mysql. Se secondo voi sono problemi mi fate sapere come risolverli, possibilmente con una piccola guida. Critical Planet Intra Buffer Overflow Summary: Planet Intra Intranet solution is a communication and collaboration tool that tries to simplify the information-sharing process. A buffer overflow vulnerability in Planet Intra allows remote execution of code. Execution: Vulnerable systems: Planet Intra version 2.5 (for Windows, Linux and Solaris) A buffer overflow (at least one, possibly more) exists in 'pi' binary that allows remote user to execute commands on the target system. For example, a request like: GET /cgi-bin/pi?page=document/show_file&id=(A x 10024) Will trigger an overflow. Fix: Apparently a patch is available for this issue, but there was no official response or confirmation, and we are not aware if the current version available for download . Check at planetintra.com. File Names: tuodominio.it:80/script/pi Info2www Arbitrary Command Execution Summary: The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web server, by passing commands as part of a variable. Potential consequences of a successful exploitation involve anything the web server process has permissions to do, including possibly web site defacement. Execution: example.com/cgi-bin/info2www?(../../../../../../../../bin/mail recipient Implication: This vulnerability allows anyone to have full access, to perform whatever function that they wished on your machine. Using this vulnerability the intruder can 'squat' on this server collecting such sensitive data as user names, logins and passwords or other types of information that could be used for more serious crimes; if you are a financial institution and you allow your clients to bank on-line, the attacker can collect passwords, logins and account numbers and then transfer money out of their accounts). This could also allow a malicious user or intruder to add, delete or modify user or company web pages on the web server which could include the defacement of the main website on the machine. It would be easy to overwrite yourcompanies.com website with one that the hacker created, thus impacting business reputation or functionality and causing loss of company revenue or reputation. Fix: Version 1.2 of the script does not suffer from this issue. Spero in una vostra risposta. Grazie Ciao

24-01-12, 12:47	#2 (permalink)
paolino Moderatore Data di registrazione: Apr 2005 Ubicazione: San Cipriano Beach Messaggi: 4,443	Ma quei servizi che lui dice essere vulnerabili sono effettivamente installati? In questo caso l'unica cosa da fare è cercare su internet informazioni a riguardo e vedere se ci sono patch e installarle.
	__________________

24-01-12, 13:23	#4 (permalink)
paolino Moderatore Data di registrazione: Apr 2005 Ubicazione: San Cipriano Beach Messaggi: 4,443	Lui dice che si trova in tuodominio.it:80/script/pi Se non c'è, allora mi sa che questo software è un pò come il norton
	__________________

Condividi questo contenuto nei Social Network:		Tweet
Ti stiamo aspettando: Registrati subito e gratis. Entra a far parte di una delle comunità più attive in Italia. Se hai dimenticato i tuoi dati li puoi recuperare subito.

24-01-12, 12:56	#3 (permalink)
chakilda User Data di registrazione: Oct 2010 Ubicazione: Bari Messaggi: 74	Noooooooooo la cosa bella e' proprio questa! E cioe' che non trovo traccia ne nella cartella FTP dove risiede il sito ne sull'intero server web di riferimenti a: info2www * o * planet intra * o * *pi. Eppure questo software mi dice di aver trovato queste criticita' !

Strumenti di discussione
Visualizza la versione stampabile Invia la pagina tramite email