Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:SITEMAN-USER

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 siteman user

Release Date

 2005/08/03

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Siteman User Database Privilege Escalation


This signature detects an attempt to exploit a privilege escalation vulnerability in the "users.php" script, which is shipped as part of Siteman 1.1.x. An authorized user, can gain elevated privileges by supplying a malformed HTTP POST request to this script.

Extended Description

Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply additional lines to the stream used to write to the user database file through a URI parameter. This can allow the attacker to corrupt the user database file and potentially gain administrative privileges to the Siteman application. Siteman 1.1.10 and prior versions are affected by this vulnerability.

Affected Products

  • Siteman 1.1.10
  • Siteman 1.1.9

References

  • BugTraq: 12304
  • URL: http://www.securityfocus.com/archive/1/387855
  • URL: http://www.securiteam.com/unixfocus/5XP0C2KEKY.html
  • URL: http://sitem.sourceforge.net/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out