Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Fix available for Sgdynamo

From: Stuart Moore <smoore () securityglobal net>
Date: Fri, 10 May 2002 16:24:03 -0400
Hi,

On April 17, 2002, frog-m@n posted a message to vuln-dev with a note
about a cross-site scripting bug in a script called Sgdynamo.  See:

http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
http://www.ifrance.com/kitetoua/tuto/5holes1.txt

The vendor has since released a fix.  I've included a brief extract from
http://securitytracker.com/alerts/2002/May/1004257.html with the
essential details, including information from the vendor how to obtain a
fix.  CVE number is CAN-2002-0356.

Stuart


------------------------------------------------------------------------
Ecometry's SGDynamo Web Application Engine Allows Remote Users to
Conduct Cross-Site Scripting Attacks
------------------------------------------------------------------------
 
[Description]:
 
  A vulnerability was reported in Ecometry's SGDynamo web application
  engine. A remote user can conduct cross-site scripting attacks against
  users of web sites running SGDynamo.
 
  The 'sgdynamo.exe' script will display user-supplied data when a URL
  error is encountered. The data is displayed without being properly
  escaped.
 
  This vulnerability was recently reported by frog-m@n on the following
  web site:
 
  http://www.ifrance.com/kitetoua/tuto/5holes1.txt
 
  In that post, frog-m@n indicated that the following type of URL could
  be used to cause the server to display the user-supplied script code:
 
  http://[targethost]/sgdynamo.exe?HTNAME=<script>SCRIPT</script>
 
  A remote user could create HTML containing malicious scripting that,
  when loaded by a target (victim) user, would cause the target user's
  browser to execute the scripting. The code would appear to originate
  from the web site running the Ecometry software and would run in the
  security context of that site. As a result, the code could access the
  target user's cookies associated with that web site.
 
  [Editor's notes: Ecometry was formerly known as Smith-Gardner. Also,
  thanks to Krissy for her help on this, to Bryan @ Ecometry for his
  cooperation, and of course to frog-m@n who discovered the flaw.
  Finally, the vendor was very quick to fix this flaw once notified.]
 
 
[Impact Summary]:
 
  Disclosure of authentication information, Execution of arbitrary code
  via network
 
 
[Impact Text]:
 
  A remote user could access another user's cookies associated with the
  site running 'sgdynamo.exe'.
 
 
[Solution]:
 
  The vendor has released a fix for versions 5.32T and above (5.32U,
  6.1, 7.00).  Customers should call their Ecometry Customer Support Rep
  in order to obtain the fixed code.  Customers should reference Job #
  181625-01 when requesting the code.
 
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: