SWsoft Plesk "locale_id" Parameter Handling Remote Directory Traversal Vulnerability


Description   A vulnerability has been identified in SWsoft Plesk, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is caused by input validation errors in the "login.php3" and "login_up.php3" scripts when processing the "locale_id", which could be exploited to conduct directory traversal attacks and disclose the contents of arbitrary files.
     
Vulnerable Products   Vulnerable Software:
SWsoft Plesk version 7.6.1 for WindowsSWsoft Plesk version 8.1.0 for WindowsSWsoft Plesk version 8.1.1 for Windows
     
Solution   Apply patch for Plesk 7.6.1 : http://download1.swsoft.com/Plesk/Autoupdate/Windows/7.6.1/115986/common_func.php3Apply patch for Plesk 8.1.0 : http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.0/115986/common_func.php3Apply patch for Plesk 8.1.0 + plesk_8.1.0_update070216.19 : http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.0.3/115986/common_func.php3Apply patch for Plesk 8.1.1 : http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.1/115986/common_func.php3
     
CVE   CVE-2007-2269
CVE-2007-2268
     
References   http://kb.swsoft.com/en/1798
http://forum.swsoft.com/showthread.php?s=&postid=172761
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
Directory traversal using ..\..
3.2.0
Directory traversal
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2007-04-30 

 Target Type 
Server 

 Possible exploit 
Local & Remote