SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   NetMRI Vendors:   Infoblox
Infoblox NetMRI Input Validation Flaw in Login Page Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1026319
SecurityTracker URL:  http://securitytracker.com/id/1026319
CVE Reference:   CVE-2011-5178   (Links to External Site)
Updated:  Sep 20 2012
Original Entry Date:  Nov 11 2011
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 6.0.2.42, 6.1.2, 6.2.1; possibly earlier versions
Description:   A vulnerability was reported in Infoblox NetMRI. A remote user can conduct cross-site scripting attacks.

The admin login page does not properly filter HTML code from user-supplied input in the "eulaAccepted" and "mode" parameters before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the NetMRI software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The vendor was notified on August 28, 2011.

Jose Carlos de Arriba of Foreground Security reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the NetMRI software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has issued a fix (6.2.2).

Patches are also available for prior versions:

v6.2.1-NETMRI-8831
v6.1.2-NETMRI-8831
v6.0.2-NETMRI-8831

Vendor URL:  www.infoblox.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Thu, 10 Nov 2011 18:07:53 -0600
Subject:  [Full-disclosure] [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities

============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2011-004
- Original release date: November 10, 2011
- Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Security
- Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com)
- Severity: 4.3/10 (Base CVSS Score)
============================================================

I. VULNERABILITY
-------------------------
Infoblox NetMRI 6.2.1 (latest version available when the vulnerability was discovered), 6.1.2 and 6.0.2.42 Multiple Cross Site Scripting - XSS (prior versions have not been checked but could be vulnerable too).

II. BACKGROUND
-------------------------
Infoblox NetMRI is a network automation solution for configuration, optimization and compliance enforcement. With hundreds of built-in rules and industry best practices, it automates network change, intelligently manages device configurations and reduces the risk of human error. 

III. DESCRIPTION
-------------------------
Infoblox NetMRI 6.2.1 (latest version available when the vulnerability was discovered), 6.1.2 and 6.0.2.42 presents multiple Cross-Site Scripting vulnerabilities on its "eulaAccepted" and "mode" parameters in the admin login page, due to an insufficient sanitization on user supplied data and encoding output.
A malicious user could perform session hijacking or phishing attacks.

IV. PROOF OF CONCEPT
-------------------------
POST /netmri/config/userAdmin/login.tdf HTTP/1.1
Content-Length: 691
Cookie: XXXX
Host: netmrihost:443
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

formStack=netmri/config/userAdmin/login&eulaAccepted=<script>alert(document.cookie)</script>&mode=<script>alert(document.cookie)</script>&skipjackPassword=ForegroundSecurity&skipjackUsername=ForegroundSecurity&weakPassword=false

V. BUSINESS IMPACT
-------------------------
An attacker could perform session hijacking or phishing attacks.

VI. SYSTEMS AFFECTED
-------------------------
Infoblox NetMRI 6.2.1 (latest), 6.1.2 and 6.0.2 branches (prior versions have not been checked but could be vulnerable too).

VII. SOLUTION
-------------------------
Vulnerability fixed on 6.2.2 version - available as of 10 Nov 2011

Also the following security patches are available:

- v6.2.1-NETMRI-8831
- v6.1.2-NETMRI-8831
- v6.0.2-NETMRI-8831


VIII. REFERENCES
-------------------------
http://www.infoblox.com/en/products/netmri.html
http://www.foregroundsecurity.com/
http://www.painsec.com

IX. CREDITS
-------------------------
This vulnerability has been discovered by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com).

X. REVISION HISTORY
-------------------------
- November 10, 2011: Initial release.

XI. DISCLOSURE TIMELINE
-------------------------
August 28, 2011: Vulnerability discovered by Jose Carlos de Arriba.
August 28, 2011: Vendor contacted by email.
August 29: Vendor response asking for details.
September 21, 2011: Security advisory sent to vendor.
November 10, 2011: Security Fix released by vendor.
November 10, 2011: Security advisory released.


XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"with no warranties or guarantees of fitness of use or otherwise.

Jose Carlos de Arriba, CISSP
Senior Security Analyst
Foreground Security
www.foregroundsecurity.com
jcarriba (at) foregroundsecurity (dot) com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC