Security Vulnerabilities
Business Objects Crystal Reports Web Form Viewer Directory Traversal Vulnerability

Published: 2004-06-29
Updated: 2004-07-07

Affected systems:
BEA Systems WebLogic Express 8.1 SP2
BEA Systems WebLogic Express 8.1 SP1
BEA Systems WebLogic Express 8.1
BEA Systems Weblogic Server 8.1 SP2
BEA Systems Weblogic Server 8.1 SP1
BEA Systems Weblogic Server 8.1
Microsoft Visual Studio .NET 2003
Business Objects Crystal Reports 9
Business Objects Crystal Reports 10
Business Objects Crystal Enterprise 9
Business Objects Crystal Enterprise 10
Unaffected systems:
BEA Systems WebLogic Express 8.1 SP3
BEA Systems Weblogic Server 8.1 SP3
Description:
BUGTRAQ  ID: 10260
CVE(CAN) ID: CVE-2004-0204

Crystal Reports and Crystal Enterprise are reporting and data presentation solutions from Business Objects.

A flaw in the module that Crystal Reports and Crystal Enterprise use to deliver image files allows a remote attacker to read arbitrary files on the system or cause a denial of service.

1. Arbitrary file access and deletion

The web report engine uses the crystalimagehandler.aspx module to handle image requests. The module takes a dynamicimage parameter naming a temporarily created image file; the file is delivered to the client and then, by default, deleted from disk. A typical request looks like:

http://foo.bar/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png

Because the user-supplied value is not adequately filtered, an attacker can submit a value containing multiple '../' sequences to escape the web root and read the contents of any file on the system that the web process can access.
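As an added illustration (not part of the original advisory or of the vendor's code), the following Python shows the two defender-side checks this issue calls for: an allow-list validator for the dynamicimage value that only admits a bare GUID-named PNG resolving inside the image folder, and a scan over constructed IIS-style log lines that flags requests to crystalimagehandler.aspx whose value fails that validator. IMAGE_DIR and the log lines are constructed for the example.

```python
import os
import re
from urllib.parse import parse_qs

# Constructed image folder for this example; the real handler serves from
# its own temporary image directory under the web root.
IMAGE_DIR = "/var/www/crystalreportviewers/images"

# The handler should only ever serve freshly generated GUID-named PNGs.
GUID_PNG = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.png$", re.I)


def is_safe_image_name(name: str, image_dir: str = IMAGE_DIR) -> bool:
    """Allow-list check for the dynamicimage parameter.

    The value must be a bare GUID.png (which excludes '..', '/' and '\\'),
    and as defence in depth the resolved path must stay inside image_dir.
    """
    if not GUID_PNG.fullmatch(name):
        return False
    base = os.path.realpath(image_dir)
    target = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, target]) == base


# Constructed IIS-style log lines (date time c-ip method uri-stem uri-query
# status); the second and third carry the traversal value from the advisory.
SAMPLE_LOG = """\
2004-06-29 10:00:01 10.0.0.5 GET /crystalreportviewers/crystalimagehandler.aspx dynamicimage=2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png 200
2004-06-29 10:00:07 10.0.0.9 GET /crystalreportviewers/crystalimagehandler.aspx dynamicimage=..%5C..%5C..%5C..%5C..%5Cmydocuments%5Cprivate%5Cpasswords.txt 200
2004-06-29 10:00:09 10.0.0.9 GET /crystalreportviewers/crystalimagehandler.aspx dynamicimage=../../../../../mydocuments/private/passwords.txt 200
2004-06-29 10:00:11 10.0.0.7 GET /index.aspx - 200
"""


def find_traversal_requests(log_text: str) -> list:
    """Return (client_ip, decoded dynamicimage) for requests failing the allow-list."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        client, stem, query = parts[2], parts[4], parts[5]
        if not stem.lower().endswith("/crystalimagehandler.aspx"):
            continue
        # parse_qs percent-decodes, so %5C becomes a backslash before the check.
        for value in parse_qs(query).get("dynamicimage", []):
            if not is_safe_image_name(value):
                hits.append((client, value))
    return hits
```

The same allow-list check, applied in the handler before the file is opened, is the fix the vendor patches below deliver in effect; the log scan gives a way to look for past probing in existing web logs.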

2. Disk exhaustion

The Crystal Reports web delivery module relies on the image handler to serve each image and then remove it from disk. If an attacker repeatedly requests the module without ever retrieving the associated images (for example with a Perl script), the report engine accumulates a large volume of files in the image folder, exhausting disk space and causing a denial of service.

Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 are also affected by this vulnerability.

<* Source: Imperva Application Defense Center (adc@imperva.com)

   Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108671836127360&w=2
*>

Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!

Imperva Application Defense Center (adc@imperva.com) provided the following test method:

http://foo.bar/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt

Recommendations:
Vendor patches:

Business Objects
----------------
The vendor has released patches to fix this security issue; download them from the vendor's home page:

BEA Systems WebLogic Server for Win32 8.1 SP 2:

Business Objects Upgrade bea81_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip
For Windows.

BEA Systems Weblogic Server 8.1 SP 2:

Business Objects Upgrade bea81_critical_update_unix.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
For Solaris.

Business Objects Upgrade bea81_critical_update_unix.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
For Linux.

BEA Systems Weblogic Server 8.1 SP 1:

Business Objects Upgrade bea81_critical_update_unix.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
For Solaris.

Business Objects Upgrade bea81_critical_update_unix.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
For Linux.

BEA Systems WebLogic Server for Win32 8.1 SP 1:

Business Objects Upgrade bea81_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip
For Windows.

BEA Systems WebLogic Server for Win32 8.1:

Business Objects Upgrade bea81_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip
For Windows.

BEA Systems Weblogic Server 8.1:

Business Objects Upgrade bea81_critical_update_unix.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
For Solaris.

Business Objects Upgrade bea81_critical_update_unix.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
For Linux.

Borland JBuilder:

Business Objects Upgrade cr10jbuilder_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/cr10jbuilder_critical_update_win.zip
For Windows.

Business Objects Upgrade crjbuilder10critical_update_sol.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/crjbuilder10critical_update_sol.tar.gz
For Solaris.

Business Objects Upgrade crjbuilder10critical_update_lnx.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/crjbuilder10critical_update_lnx.tar.gz
For Linux.

Business Objects Crystal Enterprise Java SDK 8.5:

Business Objects Upgrade v85_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v85_critical_update_win.zip
For Windows.

Business Objects Upgrade ce85critical_update_jcesol.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critical_update_jcesol.tar.gz
For Solaris.

Business Objects Upgrade ce85critical_update_jceaix.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critical_update_jceaix.tar.gz
For AIX.

Business Objects Crystal Enterprise RAS for UNIX 8.5:

Business Objects Upgrade ras85critical_update_sol.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ras85critical_update_sol.tar.gz
For Solaris.

Business Objects Crystal Reports 9.0:

Business Objects Upgrade v9_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_critical_update_win.zip
For Windows.

Business Objects Crystal Enterprise 9.0:

Business Objects Upgrade v9_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_critical_update_win.zip
For Windows.

Business Objects Crystal Enterprise 10.0:

Business Objects Upgrade v10_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critical_update_win.zip
For Windows.

Business Objects Upgrade ce10critical_update_sol.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critical_update_sol.tar.gz
For Solaris.

Business Objects Upgrade ce10critical_update_aix.tar.gz
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critical_update_aix.tar.gz
For AIX.

Business Objects Crystal Reports 10.0:

Business Objects Upgrade v10_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critical_update_win.zip
For Windows.

Microsoft Visual Studio .NET 2003:

Microsoft Upgrade Visual Studio .NET 2003 Crystal Reports Security Update
http://www.microsoft.com/downloads/details.aspx?FamilyId=659CA40E-808D-431D-A7D3-33BC3ACE922D&displaylang=en

Microsoft Outlook 2003 with Business Contact Manager:

Microsoft Upgrade Business Contact Manager for Outlook 2003 Security Update: KB842496
http://www.microsoft.com/downloads/details.aspx?FamilyId=9016B9F3-BA86-4A95-9D89-E120EF2E85E3&displaylang=en

Microsoft Business Solutions CRM 1.2:

Business Objects Upgrade mscrm12_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/mscrm12_critical_update_win.zip

This vulnerability report was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.