MRTG CGI Arbitrary File Display Vulnerability

Multi Router Traffic Grapher (MRTG) CGI scripts (current version is 2.9.17) allow display of arbitrary files from the host machine. This can be accomplished by specifying a relative path and file name in a query string passed to the scripts via a properly constructed URL. The scripts reported to be vulnerable include mrtg.cgi, traffic.cgi, 14all-1.1.cgi, and 14all.cgi. An example URL is: http://somehost/mrtg.cgi?cfg=../../../../../../../../etc/passwd. All affected scripts are reportedly exploited with the same query string (i.e., via the "cfg=" variable).
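
As an added example (not from the advisory and not MRTG's own code), the following Python shows the check an MRTG-style CGI should apply to the cfg= parameter before opening a file, confining it to a fixed configuration directory, together with a filter that flags traversal attempts in web-server access logs. The configuration directory, the log lines and the function names are assumptions.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed MRTG configuration directory (an assumption, not from the advisory).
CFG_DIR = "/etc/mrtg"
# CGI scripts the advisory lists as accepting the cfg= query parameter.
AFFECTED_SCRIPTS = ("mrtg.cgi", "traffic.cgi", "14all-1.1.cgi", "14all.cgi")

def resolve_cfg(cfg_param, cfg_dir=CFG_DIR):
    """Hardened cfg= handling: a bare file name under cfg_dir, or None."""
    if not cfg_param or "\x00" in cfg_param:
        return None
    # A bare name like "router.cfg"; no slashes, so "../" can never appear.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+\.cfg", cfg_param):
        return None
    base = os.path.realpath(cfg_dir)
    target = os.path.realpath(os.path.join(base, cfg_param))
    # Second line of defence: the resolved path must still sit under cfg_dir.
    if os.path.commonpath([base, target]) != base:
        return None
    return target

def is_traversal_request(log_line):
    """True when the line calls an affected script with a cfg= value that leaves the directory."""
    m = re.search(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"', log_line)
    if not m:
        return False
    url = urlsplit(m.group(1))
    if os.path.basename(url.path) not in AFFECTED_SCRIPTS:
        return False
    for value in parse_qs(url.query).get("cfg", []):
        # parse_qs decoded once; a second unquote catches double-encoded %252e.
        decoded = unquote(value)
        if ".." in decoded or decoded.startswith("/"):
            return True
    return False

# Constructed Apache-style access-log lines for a dry run (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2002:10:00:01 +0000] "GET /cgi-bin/mrtg.cgi?cfg=router.cfg HTTP/1.0" 200 4821',
    '10.0.0.9 - - [12/Jan/2002:10:00:07 +0000] "GET /cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0" 200 1204',
    '10.0.0.9 - - [12/Jan/2002:10:00:09 +0000] "GET /cgi-bin/14all.cgi?cfg=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1204',
    '10.0.0.2 - - [12/Jan/2002:10:00:12 +0000] "GET /index.html HTTP/1.0" 200 312',
]

def flagged_lines(lines=SAMPLE_LOG):
    """Subset of lines that look like cfg= traversal attempts against an affected script."""
    return [line for line in lines if is_traversal_request(line)]
```

Running flagged_lines() over SAMPLE_LOG returns the two lines whose cfg= value contains "..", including the percent-encoded one; the legitimate router.cfg request and the unrelated page are left alone.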


Copyright 2010, SecurityFocus