Results 1 to 8 of 8
  1. #1
    Join Date
    Jan 2008
    Posts
    77
    Plugin Contributions
    0

    Default [Done v1.3.9e] format string attack.

    Any ideas? Is this a false positive on a pci scan:

    The remote web server hosts CGI scripts that fail to adequately sanitize request strings. They seem to be vulnerable to a 'format string' attack. By leveraging this issue, an attacker may be able to execute arbitrary code on the remote host subject to the privileges under which the web server operates.

    Please inspect the results as this script is prone to false positives.


    Solution:
    Restrict access to the vulnerable application / scripts. And contact the vendor for a patch or upgrade.


    CVSS Information:
    Low Attack Complexity, Partial Confidentiality Impact, Partial Integrity Impact, Partial Availability Impact


    Additional References:
    http://en.wikipedia.org/wiki/Format_string_attack


    Information from Target:
    Using the GET HTTP method, Nessus found that :

    + The following resources may be vulnerable to format string :

    /shop/pages/wholesale-clubs-group-buys-1.html?zenid=%08x

  2. #2
    Join Date
    Nov 2007
    Location
    Woodbine, Georgia, United States
    Posts
    3,299
    Plugin Contributions
    43

    Default Re: format string attack.

    What version Zen Cart? Have a url for us?

    ~Melanie
    PRO-Webs, Inc. :: Recent Zen Cart Projects :: Zen Cart SEO 12 Steps to Success
    **I answer questions in the forum, private messages are NOT answered. You are welcome to contact us via our website for professional engagements.

  3. #3
    Join Date
    Jan 2008
    Posts
    77
    Plugin Contributions
    0

    Default Re: format string attack.

    Quote Originally Posted by mprough View Post
    What version Zen Cart? Have a url for us?

    ~Melanie
    1.3.8 with all security patches. I rather not post a url if it really is an issue. If one of the devs wants the url I can pm it.

  4. #4
    Join Date
    Jul 2005
    Location
    Upstate NY
    Posts
    22,024
    Plugin Contributions
    25

    Default Re: format string attack.

    You have a URL rewriting mod active, and this might be vulnerable to some attack...

  5. #5
    Join Date
    Jan 2004
    Posts
    60,541
    Blog Entries
    4
    Plugin Contributions
    145

    Default Re: format string attack.

    Quote Originally Posted by tbaquatics View Post
    Any ideas? Is this a false positive on a pci scan:

    The remote web server hosts CGI scripts that fail to adequately sanitize request strings. They seem to be vulnerable to a 'format string' attack. By leveraging this issue, an attacker may be able to execute arbitrary code on the remote host subject to the privileges under which the web server operates.

    Please inspect the results as this script is prone to false positives.


    Solution:
    Restrict access to the vulnerable application / scripts. And contact the vendor for a patch or upgrade.


    CVSS Information:
    Low Attack Complexity, Partial Confidentiality Impact, Partial Integrity Impact, Partial Availability Impact


    Additional References:
    http://en.wikipedia.org/wiki/Format_string_attack


    Information from Target:
    Using the GET HTTP method, Nessus found that :

    + The following resources may be vulnerable to format string :

    /shop/pages/wholesale-clubs-group-buys-1.html?zenid=%08x
    At its basic level, v1.3.9 already protects against that problem, since it automatically re-sets the cookie value once it discovers the invalid value.
    It can be reported as a false-positive (ControlScan have already accepted it as such).
    A small patch to mitigate against seeing the false-positive will be included in v1.3.9e.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.



  6. #6
    Join Date
    Jan 2008
    Posts
    77
    Plugin Contributions
    0

    Default Re: format string attack.

    What about in 1.3.8? Any patch?

  7. #7
    Join Date
    Jan 2004
    Posts
    60,541
    Blog Entries
    4
    Plugin Contributions
    145

    Default Re: format string attack.

    Threat-wise it's insignificant. There are no plans to backport it at present. Best to plan an upgrade to benefit from all the other important security benefits in 1.3.9 though.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.



  8. #8
    Join Date
    Jan 2008
    Posts
    77
    Plugin Contributions
    0

    Default Re: format string attack.

    Quote Originally Posted by DrByte View Post
    Threat-wise it's insignificant. There are no plans to backport it at present. Best to plan an upgrade to benefit from all the other important security benefits in 1.3.9 though.
    Control scan is asking for the following info to mark it as a false positive:

    Is there any type of url/content filtering?

    What pattern matching is done to prevent this vulnerability.

 

 

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •