IPCop v2.x multiple vulnerabilities

The web application component of IPCop v2.x allows authenticated remote attackers to execute arbitrary commands and write files as the 'nobody' user.

Software

Software Link: http://www.ipcop.org/

Vulnerable Versions: v2.x

Vendor Notification:

# 2013-01-23 # submitted bug report - bug id# 3601836

# 2013-01-24 # vendor reply - Do not trust your administrators.

# 2013-01-24 # advisory released

# 0x01 # Command Execution # Authenticated

Execute commands as the 'nobody' user.

The following proof of concept is available:

The vulnerable code is as follows:

# 0x02 # Command Execution # Authenticated

Execute commands as the 'nobody' user.

The following proof of concept is available:

The vulnerable code is as follows:

# 0x03 # Command Execution # Authenticated

Execute commands as the 'nobody' user.

The following proof of concept is available:

The vulnerable code is as follows:

# 0x04 # Directory Traversal # Authenticated

Write files as the 'nobody' user.

The following proof of concept is available:

Reference

# OWASP: Code Injection
