Vulnerabilities > CVE-2007-3010 - Unspecified vulnerability in Al-Enterprise Omnipcx Enterprise Communication Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Vulnerable Configurations
Exploit-Db
description Alcatel-Lucent OmniPCX Enterprise 7.1 Remote Command Execution Vulnerability. CVE-2007-3010. Webapps exploit for cgi platform id EDB-ID:30591 last seen 2016-02-03 modified 2007-09-17 published 2007-09-17 reporter RedTeam Pentesting GmbH source https://www.exploit-db.com/download/30591/ title Alcatel-Lucent OmniPCX Enterprise <= 7.1 - Remote Command Execution Vulnerability description Alcatel-Lucent OmniPCX Enterprise Communication Server. CVE-2007-3010. Webapps exploit for cgi platform id EDB-ID:10031 last seen 2016-02-01 modified 2007-09-17 published 2007-09-17 reporter patrick source https://www.exploit-db.com/download/10031/ title Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection description Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution. CVE-2007-3010. Webapps exploit for cgi platform id EDB-ID:16857 last seen 2016-02-02 modified 2010-10-05 published 2010-10-05 reporter metasploit source https://www.exploit-db.com/download/16857/ title Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
Metasploit
| description | This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary commands by specifying shell metacharaters as the 'user' within the 'ping' action to obtain 'httpd' user access. This module only supports command line payloads, as the httpd process kills the reverse/bind shell spawn after the HTTP 200 OK response. |
| id | MSF:EXPLOIT/LINUX/HTTP/ALCATEL_OMNIPCX_MASTERCGI_EXEC |
| last seen | 2020-06-14 |
| modified | 2017-11-08 |
| published | 2009-09-01 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb |
| title | Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution |
Packetstorm
data source https://packetstormsecurity.com/files/download/82234/alcatel_omnipcx_mastercgi_exec.rb.txt id PACKETSTORM:82234 last seen 2016-12-05 published 2009-10-27 reporter patrick source https://packetstormsecurity.com/files/82234/Alcatel-Lucent-OmniPCX-Enterprise-masterCGI-Arbitrary-Command-Execution.html title Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution data source https://packetstormsecurity.com/files/download/59383/rt-sa-2007-001.txt id PACKETSTORM:59383 last seen 2016-12-05 published 2007-09-18 reporter redteam-pentesting.de source https://packetstormsecurity.com/files/59383/rt-sa-2007-001.txt.html title rt-sa-2007-001.txt
References
- http://marc.info/?l=full-disclosure&m=119002152126755&w=2
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
- http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
- http://secunia.com/advisories/26853
- http://www.securityfocus.com/bid/25694
- http://osvdb.org/40521
- http://www.vupen.com/english/advisories/2007/3185
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36632
- http://www.securityfocus.com/archive/1/479699/100/0/threaded