Executive Summary

Summary
Title NAS4Free version 9.1.0.1 contains a remote command execution vulnerability
Informations
Name VU#326830 First vendor Publication 2013-10-30
Vendor VU-CERT Last vendor Modification 2013-10-30
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score 6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#326830

NAS4Free version 9.1.0.1 contains a remote command execution vulnerability

Original Release date: 30 Oct 2013 | Last revised: 30 Oct 2013

Overview

NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability (CWE-94).

Description

CWE-94: Improper Control of Generation of Code ('Code Injection')

NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability. NAS4Free allows an authenticated user to post PHP code to an HTTP script and have the code executed remotely. By default, NAS4Free runs with root privileges. A remotely authenticated attacker can send an HTTP POST request that contains a malicious PHP file which can cause the script to run directly on the machine.

For more details, please see Tod Beardsley's Rapid7 blog post.

Impact

A remote authenticated attacker may be able to execute arbitrary code as root on the system.

Solution

We are currently unaware of a practical solution to this problem.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
NAS4FreeAffected08 Oct 201328 Oct 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base6.0AV:N/AC:M/Au:S/C:P/I:P/A:P
Temporal5.1E:POC/RL:U/RC:UR
Environmental1.3CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

  • http://cwe.mitre.org/data/definitions/94.html
  • http://www.nas4free.org/downloads.html
  • https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one

Credit

Thanks to Tod Beardsley and Brandon Perry of Rapid7, Inc. for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

  • CVE IDs:CVE-2013-3631
  • Date Public:30 Oct 2013
  • Date First Published:30 Oct 2013
  • Date Last Updated:30 Oct 2013
  • Document Revision:28

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/326830

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Snort® IPS/IDS

Date Description
2016-08-09 NAS4Free txtPHPCommand remote code execution attempt
RuleID : 39456 - Revision : 2 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2013-12-14 17:18:05
  • Multiple Updates
2013-11-11 13:36:11
  • Multiple Updates
2013-11-05 17:26:38
  • Multiple Updates
2013-11-05 00:25:15
  • Multiple Updates
2013-11-03 00:22:30
  • Multiple Updates
2013-10-30 21:19:36
  • First insertion