ID

VAR-200803-0049


CVE

CVE-2008-1253


TITLE

IBM AIX nslookup fails to drop root privileges

Trust: 0.8

sources: CERT/CC: VU#18419

DESCRIPTION

Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page. The nslookup command fails to drop privileges, allowing local attackers to gain root privileges.

D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. D-Link DI-524 has multiple vulnerabilities in processing user requests. Remote attackers may use these vulnerabilities to make device services unavailable or perform cross-site scripting attacks.

The D-Link DI-524 router does not properly handle login requests sent to the web interface. If the attacker sends a long username, it will trigger a crash; if a long HTTP header is sent, it may also cause the router's web server to collapse.

The D-Link DI-604 router did not properly filter the input passed to the rf parameter in prim.htm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session.

The D-Link DSL-G604T router did not properly filter the input passed to the var:category parameter in cgi-bin/webcm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment.

----------------------------------------------------------------------

TITLE: D-Link DSL-G604T "var:category" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA29530
VERIFY ADVISORY: http://secunia.com/advisories/29530/
CRITICAL: Less critical
IMPACT: Cross Site Scripting
WHERE: From remote
OPERATING SYSTEM: D-Link DSL-G604T http://secunia.com/product/5127/
DESCRIPTION: Gareth Heyes has reported a vulnerability in D-Link DSL-G604T, which can be exploited by malicious people to conduct cross-site scripting attacks.
SOLUTION: Do not browse untrusted websites or follow untrusted links while logged on to the application.
PROVIDED AND/OR DISCOVERED BY: Gareth Heyes
ORIGINAL ADVISORY: http://www.gnucitizen.org/projects/router-hacking-challenge/

Trust: 3.33

sources: NVD: CVE-2008-1253 // CERT/CC: VU#18419 // JVNDB: JVNDB-2008-002825 // CNVD: CNVD-2008-5921 // BID: 28439 // VULHUB: VHN-31378 // PACKETSTORM: 64868

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2008-5921

AFFECTED PRODUCTS

vendor: d link, model: dsl-g604t, scope: -, version: -

Trust: 1.7

vendor: d link, model: dsl-g604t, scope: eq, version: *

Trust: 1.0

vendor: ibm, model: -, scope: -, version: -

Trust: 0.8

vendor: none, model: -, scope: -, version: -

Trust: 0.6

vendor: d link, model: di-604, scope: -, version: -

Trust: 0.3

vendor: d link, model: di-524, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#18419 // CNVD: CNVD-2008-5921 // BID: 28439 // JVNDB: JVNDB-2008-002825 // CNNVD: CNNVD-200803-131 // NVD: CVE-2008-1253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1253
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#18419
value: 2.76

Trust: 0.8

NVD: CVE-2008-1253
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200803-131
value: MEDIUM

Trust: 0.6

VULHUB: VHN-31378
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1253
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31378
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#18419 // VULHUB: VHN-31378 // JVNDB: JVNDB-2008-002825 // CNNVD: CNNVD-200803-131 // NVD: CVE-2008-1253

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-31378 // JVNDB: JVNDB-2008-002825 // NVD: CVE-2008-1253

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-131

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 64868 // CNNVD: CNNVD-200803-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002825

PATCH

title: Top Page, url: http://www.dlink.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002825

EXTERNAL IDS

db: NVD, id: CVE-2008-1253

Trust: 3.4

db: BID, id: 28439

Trust: 2.0

db: SECUNIA, id: 29530

Trust: 1.8

db: XF, id: 604

Trust: 1.4

db: CERT/CC, id: VU#18419

Trust: 0.8

db: JVNDB, id: JVNDB-2008-002825

Trust: 0.8

db: CNNVD, id: CNNVD-200803-131

Trust: 0.7

db: CNVD, id: CNVD-2008-5921

Trust: 0.6

db: BUGTRAQ, id: 20080301 THE ROUTER HACKING CHALLENGE IS OVER!

Trust: 0.6

db: XF, id: 41117

Trust: 0.6

db: VULHUB, id: VHN-31378

Trust: 0.1

db: PACKETSTORM, id: 64868

Trust: 0.1

sources: CERT/CC: VU#18419 // CNVD: CNVD-2008-5921 // VULHUB: VHN-31378 // BID: 28439 // JVNDB: JVNDB-2008-002825 // PACKETSTORM: 64868 // CNNVD: CNNVD-200803-131 // NVD: CVE-2008-1253

REFERENCES

url:http://www.gnucitizen.org/projects/router-hacking-challenge/

Trust: 2.1

url:http://www.securityfocus.com/bid/28439

Trust: 1.7

url:http://secunia.com/advisories/29530

Trust: 1.7

url:http://www.securityfocus.com/archive/1/489009/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41117

Trust: 1.1

url:http://xforce.iss.net/static/604.php

Trust: 0.8

url:http://groups.google.com/groups?q=ers-sva-e01-1997:008.1&hl=en&rnum=3&selm=6383r7%24kts%243%40watnews1.watson.ibm.com

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1253

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1253

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/41117

Trust: 0.6

url:http://www.d-link.com/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/29530/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/5127/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#18419 // VULHUB: VHN-31378 // BID: 28439 // JVNDB: JVNDB-2008-002825 // PACKETSTORM: 64868 // CNNVD: CNNVD-200803-131 // NVD: CVE-2008-1253

CREDITS

Gareth Heyes laurent

Trust: 0.6

sources: CNNVD: CNNVD-200803-131

SOURCES

db: CERT/CC, id: VU#18419
db: CNVD, id: CNVD-2008-5921
db: VULHUB, id: VHN-31378
db: BID, id: 28439
db: JVNDB, id: JVNDB-2008-002825
db: PACKETSTORM, id: 64868
db: CNNVD, id: CNNVD-200803-131
db: NVD, id: CVE-2008-1253

LAST UPDATE DATE

2025-04-10T20:53:54.317000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#18419, date: 2001-09-27T00:00:00
db: CNVD, id: CNVD-2008-5921, date: 2008-12-07T00:00:00
db: VULHUB, id: VHN-31378, date: 2018-10-11T00:00:00
db: BID, id: 28439, date: 2008-03-26T16:10:00
db: JVNDB, id: JVNDB-2008-002825, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200803-131, date: 2008-09-05T00:00:00
db: NVD, id: CVE-2008-1253, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: CERT/CC, id: VU#18419, date: 2001-09-26T00:00:00
db: CNVD, id: CNVD-2008-5921, date: 2008-12-07T00:00:00
db: VULHUB, id: VHN-31378, date: 2008-03-10T00:00:00
db: BID, id: 28439, date: 2008-03-25T00:00:00
db: JVNDB, id: JVNDB-2008-002825, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 64868, date: 2008-03-26T00:09:25
db: CNNVD, id: CNNVD-200803-131, date: 2008-03-10T00:00:00
db: NVD, id: CVE-2008-1253, date: 2008-03-10T17:44:00