Credit:
The information has been provided by Michael Rutkowski.
The original article can be found at: http://www.eeye.com/Support/Knowledge-Base/Article.aspx?id=KB000883
Vulnerable Systems:
* eEye Retina audits revision 2423 and prior
Immune Systems:
* eEye Retina audits revision 2424
The eEye Retina Network Security Scanner runs a library of audits against target systems to perform vulnerability assessments. eEye supplies the audit scripts used to review various operating systems and applications. One audit for Solaris, HP-UX, and IRIX targets (audit ID 2499) determines an installed program's version by searching the /usr/local portion of the file system for a file with a given name and then executing that file with an option that prints its version. The script selects what to run purely by file name and performs no check of the file's owner, permissions, or location. If an attacker can place an executable with the expected name anywhere under /usr/local, the audit script executes it with the privileges of the scanning account.
Reported vulnerable audit script:
Audit ID 2499 tests for the version of the Gauntlet Firewall software installed under /usr/local on Solaris, HP-UX, and IRIX target machines with the following line of UNIX shell script (the trailing \; terminator is cut off in the original advisory text):
find /usr/local -name gauntlet -exec {} -v \;
Because find's -exec runs every matching file as a command, any file named "gauntlet" found under /usr/local is executed, regardless of who created it.
eEye recommends using unprivileged accounts when scanning hosts with the Retina product. However, a Retina user has the option of supplying a root credential to perform scans, and eEye also provides documentation, with warnings, on running scans through sudo.
An attacker who is able to write an executable file under the /usr/local file system (most likely, but not necessarily, a local user) can therefore execute arbitrary code with whatever privileges were given to Retina to perform the vulnerability scan, up to and including root.
CVE Information:
CVE-2011-3337
Patch Availability:
eEye recommends the following workarounds:
* Do not allow unprivileged users write access to /usr/local and its subdirectories on Solaris, HP-UX, and IRIX systems.
* Remove audit 2499 from the scan policy.
* Perform vulnerability scans with unprivileged (non-root) user accounts.
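The following POSIX shell script is an added example written for this page; it is not eEye's audit code, and the function names (is_trusted_path, classify_candidates, safe_version_probe, make_fixture, demo) are assumptions chosen for the illustration. It reproduces the audit 2499 pattern described above on a constructed fixture directory, then shows the check a version probe should make before executing a file it found by name: the candidate must be a regular file, and it and every directory between it and the search root must be owned by root (or by the scanning user) and must not be group- or world-writable. That is the ownership condition behind the first workaround, expressed as code rather than as an administrative rule. The \; terminator on the find command is assumed; the original advisory text is cut off after the backslash.

```shell
#!/bin/sh
# Added example (not eEye's audit script). Helper names are hypothetical.
#
# Audit 2499 did, in effect:   find /usr/local -name gauntlet -exec {} -v \;
# i.e. it executed whatever file happened to carry the name "gauntlet".
# safe_version_probe below only runs a candidate that passes is_trusted_path.

# is_trusted_path ROOT FILE
# Returns 0 if FILE is a regular file and FILE plus every directory from its
# parent up to and including ROOT is owned by root or the scanning user and
# is neither group- nor world-writable; returns 1 otherwise.
# FILE must be given as produced by "find ROOT ..." so the prefix matches.
is_trusted_path() {
    root=$1
    p=$2
    me=$(id -un)
    kind=f                     # the candidate itself must be a regular file
    while :; do
        # -prune stops find descending; -print fires only if every test holds.
        # Symlinks fail -type (find does not follow them), so they are refused.
        if [ -z "$(find "$p" -prune -type "$kind" \( -user root -o -user "$me" \) \
                     ! -perm -002 ! -perm -020 -print 2>/dev/null)" ]; then
            return 1
        fi
        [ "$p" = "$root" ] && return 0
        kind=d                 # every ancestor must be a trusted directory
        parent=$(dirname "$p")
        [ "$parent" = "$p" ] && return 1   # climbed to / without meeting ROOT
        p=$parent
    done
}

# classify_candidates ROOT NAME
# Prints "run PATH" or "refuse PATH" for each regular file named NAME under ROOT.
classify_candidates() {
    find "$1" -name "$2" -type f -print 2>/dev/null | while IFS= read -r f; do
        if is_trusted_path "$1" "$f"; then
            printf 'run %s\n' "$f"
        else
            printf 'refuse %s\n' "$f"
        fi
    done
}

# safe_version_probe ROOT NAME: the hardened replacement for "find -exec {} -v".
safe_version_probe() {
    classify_candidates "$1" "$2" | while IFS= read -r verdict path; do
        case $verdict in
            run)    "$path" -v ;;
            refuse) printf 'refused untrusted candidate: %s\n' "$path" >&2 ;;
        esac
    done
}

# make_fixture: builds a constructed stand-in for /usr/local and prints its path.
#   bin/gauntlet        legitimate: trusted owner, no group/world write anywhere
#   share/drop/gauntlet planted: its directory is world-writable (mode 1777)
make_fixture() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"
    mkdir -p "$d/bin" "$d/share/drop"
    chmod 755 "$d/bin"
    printf '#!/bin/sh\necho "gauntlet (constructed fixture) version 1.0"\n' > "$d/bin/gauntlet"
    chmod 755 "$d/bin/gauntlet"
    chmod 1777 "$d/share/drop"   # anyone could have dropped a file here
    printf '#!/bin/sh\necho "ATTACKER CODE RAN AS $(id -un)"\n' > "$d/share/drop/gauntlet"
    chmod 755 "$d/share/drop/gauntlet"
    printf '%s\n' "$d"
}

# demo: run the vulnerable pattern and the hardened probe side by side.
demo() {
    d=$(make_fixture) || exit 1
    echo "== vulnerable audit pattern: runs every file named gauntlet =="
    find "$d" -name gauntlet -exec {} -v \;
    echo "== hardened probe: runs only trusted candidates =="
    safe_version_probe "$d" gauntlet
    rm -rf "$d"
}

[ "${1-}" = "--demo" ] && demo
```

Run it as sh probe.sh --demo: the vulnerable find line executes both fixture files, including the planted one, while the hardened probe runs only bin/gauntlet and reports the other as refused. Note that on systems where /usr/local is deliberately group-writable (Debian-style root:staff 2775 layouts, for example) this check refuses everything under it, which is the correct outcome given the first workaround above: a version probe that executes what it finds has no business trusting a tree that unprivileged users can write to.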
Disclosure Timeline:
Date Notified 2011-09-30
Date Updated 2011-11-09