Business Objects Crystal Reports Web Form Viewer Directory Traversal Vulnerability

admin 2022-07-22 12:33:27 CNNVD vulnerabilities Source: ZONE.CI Global Net

Vulnerability details

  • CNNVD ID: CNNVD-200408-088
  • Severity: High
  • CVE ID: CVE-2004-0204
  • Vulnerability type: input validation
  • Published: 2004-06-29
  • Threat type: remote
  • Updated: 2005-10-20
  • Vendor: microsoft
  • Source: Imperva Applicatio...

Vulnerability summary

Crystal Reports and Crystal Enterprise are reporting and data-presentation products from Business Objects. The module that serves image files in Crystal Reports and Crystal Enterprise does not validate its input, and a remote attacker can exploit this to read arbitrary files on the system or to cause a denial of service.

1. Arbitrary file access and deletion. The web report engine uses the crystalimagehandler.aspx module to serve images. The module takes a dynamicimage parameter that names a temporarily generated image file; the file is sent to the client and then, by default, deleted from disk. A normal request looks like this:

http://foo.bar/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png

Because the user-supplied value is not adequately filtered, an attacker can submit a value containing several '../' sequences to escape the web root and read any file the web server process can access. Since the handler deletes whatever it has served, the same request also removes that file from disk.

2. Disk exhaustion. The Crystal Reports web viewer relies on the image handler to serve each generated image and then clean it off the disk. If an attacker keeps requesting reports without ever fetching the associated images (for example with a Perl script), the report engine accumulates files in the image folder and consumes disk space until it fails, a denial of service.

Products that bundle Crystal Reports are affected as well: Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Microsoft Business Solutions CRM 1.2.
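The two flaws above, reduced to the path-handling logic of the image handler, as an added example that is not code from Business Objects or from this page. The directory layout, the secret file and the GUID-shaped file names are constructed stand-ins; vulnerable_serve reproduces the serve-then-delete behaviour on an unvalidated dynamicimage value, safe_serve allowlists the generated name shape and confirms the resolved path stays under the image directory, and sweep_stale_images is an assumed mitigation for the never-fetched-image case, not the vendor's actual fix:

```python
import os
import re
import tempfile
import time

# The viewer names generated images <GUID>.png (as in the request shown above);
# anything else is not something the handler should ever be asked to serve.
_IMAGE_NAME = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.png$"
)


def vulnerable_serve(image_dir, dynamicimage):
    """Mimics the flawed handler: the query parameter is joined to the image
    directory without validation, the file is read, then deleted."""
    path = os.path.join(image_dir, dynamicimage)
    with open(path, "rb") as f:
        data = f.read()
    os.remove(path)  # the handler's default "serve, then delete" step
    return data


def safe_serve(image_dir, dynamicimage):
    """Hardened version (an assumed fix, not the vendor patch):
    1. require the exact <GUID>.png shape the viewer generates,
    2. resolve the path and confirm it is still inside image_dir."""
    if not _IMAGE_NAME.match(dynamicimage):
        raise ValueError("rejected: dynamicimage is not a generated image name")
    base = os.path.realpath(image_dir)
    path = os.path.realpath(os.path.join(base, dynamicimage))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("rejected: path escapes the image directory")
    with open(path, "rb") as f:
        data = f.read()
    os.remove(path)
    return data


def sweep_stale_images(image_dir, max_age_seconds):
    """Assumed mitigation for the disk-exhaustion case: delete generated images
    that were never fetched within max_age_seconds. Returns the count removed."""
    cutoff = time.time() - max_age_seconds
    removed = 0
    for name in os.listdir(image_dir):
        if not _IMAGE_NAME.match(name):
            continue  # never touch files the viewer did not generate
        path = os.path.join(image_dir, name)
        if os.path.getmtime(path) < cutoff:
            os.remove(path)
            removed += 1
    return removed


def demo():
    """Builds a constructed tree under a temp dir and exercises both handlers.
    Returns the observations as a dict so they can be checked."""
    root = tempfile.mkdtemp()
    image_dir = os.path.join(root, "images")
    os.mkdir(image_dir)
    secret = os.path.join(root, "secret.txt")  # a file outside the image dir
    with open(secret, "wb") as f:
        f.write(b"db password")
    valid = "2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png"
    with open(os.path.join(image_dir, valid), "wb") as f:
        f.write(b"PNG")

    results = {}
    traversal = "../secret.txt"
    # Flaw 1: the traversal value reads the secret and the handler deletes it.
    results["vulnerable_read_secret"] = vulnerable_serve(image_dir, traversal)
    results["secret_deleted"] = not os.path.exists(secret)

    # Recreate the secret so the hardened handler is tested against a live file.
    with open(secret, "wb") as f:
        f.write(b"db password")
    try:
        safe_serve(image_dir, traversal)
        results["safe_rejected"] = False
    except ValueError:
        results["safe_rejected"] = True
    results["secret_intact"] = os.path.exists(secret)
    results["safe_valid"] = safe_serve(image_dir, valid)  # legitimate request still works

    # Flaw 2: one never-fetched image, backdated by an hour, is swept by the janitor.
    stale = os.path.join(image_dir, "0d1e8f42-5b7a-4c3d-9e2f-1a2b3c4d5e6f.png")
    with open(stale, "wb") as f:
        f.write(b"PNG")
    old = time.time() - 3600
    os.utime(stale, (old, old))
    results["swept"] = sweep_stale_images(image_dir, max_age_seconds=600)
    return results


if __name__ == "__main__":
    print(demo())
```

The allowlist check runs before any file system access, so encoded or mixed-separator variants of the traversal (the web server decodes %2f and the like before the handler sees the value) are rejected for not being a GUID-shaped name rather than relying on a blacklist of '../'; the realpath/commonpath check is the second line of defence in case the name rule is ever relaxed.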

Vendor advisory

Vendor patches: Business Objects has released upgrade patches that fix this issue; download them from the vendor's site:

BEA Systems WebLogic Server for Win32 8.1 SP 2:
  • bea81_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip

BEA Systems Weblogic Server 8.1 SP 2:
  • bea81_critical_update_unix.tar.gz (Solaris): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
  • bea81_critical_update_unix.tar.gz (Linux): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz

BEA Systems Weblogic Server 8.1 SP 1:
  • bea81_critical_update_unix.tar.gz (Solaris): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
  • bea81_critical_update_unix.tar.gz (Linux): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz

BEA Systems WebLogic Server for Win32 8.1 SP 1:
  • bea81_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip

BEA Systems WebLogic Server for Win32 8.1:
  • bea81_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip

BEA Systems Weblogic Server 8.1:
  • bea81_critical_update_unix.tar.gz (Solaris): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
  • bea81_critical_update_unix.tar.gz (Linux): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz

Borland JBuilder:
  • cr10jbuilder_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/cr10jbuilder_critical_update_win.zip
  • crjbuilder10critical_update_sol.tar.gz (Solaris): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/crjbuilder10critical_update_sol.tar.gz
  • crjbuilder10critical_update_lnx.tar.gz (Linux): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/crjbuilder10critical_update_lnx.tar.gz

Business Objects Crystal Enterprise Java SDK 8.5:
  • v85_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v85_critical_update_win.zip
  • ce85critical_update_jcesol.tar.gz (Solaris): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critical_update_jcesol.tar.gz
  • ce85critical_update_jceaix.tar.gz (AIX): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critical_update_jceaix.tar.gz

Business Objects Crystal Enterprise RAS for UNIX 8.5:
  • ras85critical_update_sol.tar.gz (Solaris): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ras85critical_update_sol.tar.gz

Business Objects Crystal Reports 9.0:
  • v9_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_critical_update_win.zip

Business Objects Crystal Enterprise 9.0:
  • v9_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_critical_update_win.zip

Business Objects Crystal Enterprise 10.0:
  • v10_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critical_update_win.zip
  • ce10critical_update_sol.tar.gz (Solaris): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critical_update_sol.tar.gz
  • ce10critical_update_aix.tar.gz (AIX): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critical_update_aix.tar.gz

Business Objects Crystal Reports 10.0:
  • v10_critical_update_win.zip (Windows): ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critical_update_win.zip

Microsoft Visual Studio .NET 2003:
  • Microsoft update: Visual Studio .NET 2003 Crystal Reports Security Update: http://www.microsoft.com/downloads/details.aspx?FamilyId=659CA40E-808D-431D-A7D3-33BC3ACE922D&displaylang=en

Microsoft Outlook 2003 with Business Contact Manager:
  • Microsoft update: Business Contact Manager for Outlook 2003 Security Update, KB842496: http://www.microsoft.com/downloads/details.aspx?FamilyId=9016B9F3-BA86-4A95-9D89-E120EF2E85E3&displaylang=en

Microsoft Business Solutions CRM 1.2:
  • mscrm12_critical_update_win.zip: ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/mscrm12_critical_update_win.zip

References

  • BID 10260: http://www.securityfocus.com/bid/10260
  • XF crystalreports-file-deletion(16044): http://xforce.iss.net/xforce/xfdb/16044
  • MS MS04-017: http://www.microsoft.com/technet/security/bulletin/ms04-017.asp
  • support.businessobjects.com: http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
  • OSVDB 6748: http://www.osvdb.org/6748
  • SECUNIA 11800: http://secunia.com/advisories/11800
  • BUGTRAQ 20040608 "Vulnerability: Arbitrary File Access & DoS in Crystal Reports": http://marc.theaimsgroup.com/?l=bugtraq&m=108671836127360&w=2
  • BUGTRAQ 20040502 "Crystal Reports Vulnerabilities": http://marc.theaimsgroup.com/?l=bugtraq&m=108360413811017&w=2
  • OVAL oval:org.mitre.oval:def:1157: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1157

Affected entities

  • Microsoft Visual_studio_.Net:2003:Gold
  • Microsoft Outlook:2003:Business_contact_manager
  • Microsoft Business_solutions_crm:1.2

Patches

    None listed
