Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Remote Command Execution on Cisco WAG120N
From: Benji <me () b3nji com>
Date: Mon, 26 Nov 2012 14:11:36 +0000

Command execution through Dynamic DNS setup is quite clearly not expected
functionality.


On Mon, Nov 26, 2012 at 11:28 AM, Gary Driggs <gdriggs () gmail com> wrote:

On Nov 26, 2012, at 1:47 AM, "Julius Kivimäki"
<julius.kivimaki () gmail com> wrote:

Is a privilege escalation vulnerability in Linux not a vulnerability if
it requires authentication?

It was not made clear that it was a privilege escalation...
"Authenticate and browse to /setup.cgi? ... All the fields you see are
vulnerables to command execution as root." So what kind of credentials
are used for the initial authentication? Unprivileged? Then it should
be mentioned as such. Otherwise, I can point out a few dozen embedded
systems with web UIs that allow me to make configuration changes after
authentication because that's why they're there. Now if you can point
out a way to bypass authentication or escalate privileges from an
account that doesn't normally have write access, you've got a
vulnerability. I was merely asking how this differed from any other
auth wall.

-Gary

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]