ALCASAR index.php Crafted HTTP host Header Vulnerability
Added: 09/16/2014
BID: 69662
OSVDB: 111026
Background
ALCASAR is a free Network Access Controller that allows network managers to restrict Internet service access to authenticated users. ALCASAR allows control and logging of all network activity by users and/or defined user groups.
Problem
ALCASAR 2.8 and earlier are vulnerable to remote code execution: a remote attacker can inject the exec() function into the HTTP Host header to gain access as the Apache user. By also exploiting the Apache user's sudoer capability with openssl, a remote attacker could leverage the original vulnerability to gain root privileges.
Resolution
ALCASAR 2.8.1 purportedly fixes the host header vulnerability.
References
http://seclists.org/fulldisclosure/2014/Sep/26
Limitations
Exploit works on ALCASAR 2.8.
The MIME::Base64 module is required on the SAINTexploit host.
Exploit only results in Apache permissions, not root permissions.
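The following is an added example, not part of the original advisory and not ALCASAR's own code: a strict syntax check for the Host header that a reverse proxy hook or a log review script could apply, rejecting values like the one described under Problem. The function names, sample requests and host names are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_NAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\.?")

def host_header_is_valid(value):
    """True only for host[:port] where host is a hostname, IPv4 or [IPv6]."""
    if not value or len(value) > 255:
        return False
    if value.startswith("["):                 # bracketed IPv6 literal
        end = value.find("]")
        if end == -1:
            return False
        try:
            ipaddress.IPv6Address(value[1:end])
        except ValueError:
            return False
        rest = value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        if not _NAME_RE.fullmatch(host):      # quotes, parens, ';' all fail here
            return False
        rest = sep + port
    if rest:                                  # optional ":port", digits only
        port = rest[1:]
        if rest[0] != ":" or not re.fullmatch(r"[0-9]{1,5}", port):
            return False
        return int(port) <= 65535
    return True

def suspicious_requests(raw_requests):
    """Indexes of requests whose Host header is missing, repeated or malformed."""
    flagged = []
    for i, raw in enumerate(raw_requests):
        head = raw.split("\r\n\r\n", 1)[0]
        hosts = [ln.split(":", 1)[1].strip() for ln in head.split("\r\n")[1:]
                 if ln.lower().startswith("host:")]
        if len(hosts) != 1 or not host_header_is_valid(hosts[0]):
            flagged.append(i)
    return flagged

# Constructed sample requests (not captured traffic).
SAMPLES = [
    "GET /index.php HTTP/1.1\r\nHost: alcasar.example.test\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: 192.0.2.10:443\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: portal.example.test;exec(placeholder)\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: a.example.test\r\nHost: b.example.test\r\n\r\n",
]
```

Rejecting the request before the value reaches application code is independent of the fix in ALCASAR 2.8.1 and does not replace upgrading.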