{"vuid":"VU#326830","idnumber":"326830","name":"NAS4Free version 9.1.0.1 contains a remote command execution vulnerability","keywords":["NAS4Free","network attached storage","remote command execution","CWE-94"],"overview":"NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability (CWE-94).","clean_desc":"CWE-94: Improper Control of Generation of Code ('Code Injection') NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability. NAS4Free allows an authenticated user to post PHP code to an HTTP script and have the code executed remotely. By default, NAS4Free runs with root privileges. A remotely authenticated attacker can send an HTTP POST request that contains a malicious PHP file which can cause the script to run directly on the machine. For more details, please see Tod Beardsley's Rapid7 blog post.","impact":"A remote authenticated attacker may be able to execute arbitrary code as root on the system.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Thanks to Tod Beardsley and Brandon Perry of Rapid7, Inc. for reporting this vulnerability.","author":"This document was written by Adam Rauf.","public":["http://cwe.mitre.org/data/definitions/94.html","http://www.nas4free.org/downloads.html","https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"],"cveids":["CVE-2013-3631"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-09-16T18:09:44Z","publicdate":"2013-10-30T00:00:00Z","datefirstpublished":"2013-10-30T17:13:21Z","dateupdated":"2013-10-30T17:13:21Z","revision":28,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UR","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6","cvss_basevector":"AV:N/AC:M/Au:S/C:P/I:P/A:P","cvss_temporalscore":"5.1","cvss_environmentalscore":"1.3","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}