J-Security Center

Title: Advanced Research Security Auditor Research Assistant Service Banner HTML Injection Vulnerability

Severity: HIGH

Description:

Advanced Research Security Auditor Research Assistant (SARA) is the third generation of security auditing software based on the original SATAN scanner. SARA employs an HTTP server so that the end user can interact with the software through a web browser. SARA is used to scan remote systems for security vulnerabilities, and a dynamic report is generated from the findings.

SARA has been reported prone to an HTML injection vulnerability. The issue is reported to exist because banner data enumerated from remote services is not sufficiently sanitized. In interactive mode, HTML received as a banner from a server responding to a SARA scan is reportedly incorporated into dynamic content and rendered in the browser of the user who is monitoring the scan.

Successful exploitation of this issue may allow a remote attacker to steal cookie-based authentication credentials. Other attacks are also possible. The impact of this issue may be greater because the affected software invokes the web browser and must be run as the root user. HTML form variables are also assigned to global variables in the Perl scripts.

This vulnerability has been reported to affect SARA version 4.2.7 and all prior versions.

Additional reports indicate that this issue may also affect SATAN version 1.1.1 and earlier, since SARA is derived from the SATAN engine. SATAN has been reported not to strip "<" and ">" characters from HTML code.
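The following is an added illustration of the defect class described above and of the fix a maintainer would apply; it is not SARA's or SATAN's own code (those are Perl scripts) and is written in Python for clarity. The sample banners, host addresses and function names are constructed for the example. It places the reported behaviour (banner text concatenated straight into the report page) beside a hardened renderer that decodes the banner without raising, drops control characters, caps the length and HTML-escapes the result. It also shows why merely stripping "<" and ">" (the step the advisory says SATAN lacks) is weaker than full escaping: quotes and ampersands survive stripping, whereas escaping neutralises every character that carries meaning in HTML.

```python
import html
import re

# Constructed sample banners, as a scanner might read them from remote services.
# The third entry carries markup, which is the case the advisory describes.
SAMPLE_BANNERS = {
    "10.0.0.1:22": b"SSH-2.0-OpenSSH_5.1",
    "10.0.0.2:21": b"220 ftpd ready\r\n",
    "10.0.0.3:80": b"<script>alert('banner')</script>",
    "10.0.0.4:23": b"\x1b[31mlogin:\x1b[0m",          # terminal escape sequence in a banner
}

# Control characters other than tab, LF and CR; these are dropped before rendering.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def render_row_vulnerable(host: str, banner: bytes) -> str:
    """Mirrors the reported behaviour: the raw banner is concatenated into the page."""
    return f"<tr><td>{host}</td><td>{banner.decode('latin-1')}</td></tr>"


def strip_angle_brackets(text: str) -> str:
    """The minimal filter the advisory mentions: remove only '<' and '>'.

    Kept here for comparison; it leaves quotes and '&' untouched, so it is
    not a substitute for escaping.
    """
    return text.replace("<", "").replace(">", "")


def sanitize_banner(banner: bytes, max_len: int = 256) -> str:
    """Turn untrusted banner bytes into text that is safe to embed in HTML body content."""
    text = banner.decode("latin-1")          # one byte -> one code point, never raises
    text = CONTROL_CHARS.sub("", text)       # drop NUL, ESC and other control bytes
    text = text[:max_len]                    # bound the size of what reaches the browser
    return html.escape(text, quote=True)     # & < > " ' become entities


def render_row_safe(host: str, banner: bytes) -> str:
    """Hardened row renderer: every untrusted value is escaped before insertion."""
    return f"<tr><td>{html.escape(host, quote=True)}</td><td>{sanitize_banner(banner)}</td></tr>"


def render_report(banners: dict, safe: bool = True) -> str:
    """Build the report table with either the vulnerable or the hardened renderer."""
    render = render_row_safe if safe else render_row_vulnerable
    rows = "".join(render(host, banner) for host, banner in banners.items())
    return f"<table>{rows}</table>"


def contains_raw_markup(rendered: str) -> bool:
    """Detection helper: true if a rendered banner cell still contains a raw tag."""
    cells = re.findall(r"<td>(.*?)</td>", rendered, flags=re.S)
    return any("<" in cell or ">" in cell for cell in cells)


if __name__ == "__main__":
    print("vulnerable:", render_report(SAMPLE_BANNERS, safe=False))
    print("hardened:  ", render_report(SAMPLE_BANNERS, safe=True))
```

The `contains_raw_markup` check is the kind of assertion a maintainer can keep in a test suite: run every renderer over banners that contain markup and fail the build if a raw tag ever reaches a table cell. Note that `html.escape` is correct for text placed in element content and in quoted attributes; a value placed in a URL or script context would need context-specific encoding instead.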

Affected Products:

  • Advanced Research Security Auditor's Research Assistant 4.2.1
  • Advanced Research Security Auditor's Research Assistant 4.2.5
  • Advanced Research Security Auditor's Research Assistant 4.2.6
  • Advanced Research Security Auditor's Research Assistant 4.2.7
  • Dan Farmer SATAN 1.1.1
