German | English
n.runs AG - Company
 
 
n.runs AG
Services by n.runs
IT INFRASTRUCTURE
IT SECURITY
IT BUSINESS CONSULTING

n.runs AG
Nassauer Straße 60
D-61440 Oberursel
Phone: +49 (0) 6171/699-0
Fax: +49 (0) 6171/699-199
E-mail: contact@nruns.com
Imprint

n.runs-SA-2006.001 Asbru HardCore Web Content Editor - Command Injection

n.runs GmbH
http://www.nruns.com
n.runs-SA-2006.001

security(at)nruns.com
15-Oct-2006

* * *

Vendor: Asbru Software, http://asbrusoft.com
Product: Asbru HardCore Web Content Editor
Vulnerability: Command Injection
Risk: HIGH

Vendor communication:
2006/10/05 initial notification of AsbruSoft
2006/10/08 fix was created over the weekend, released on Oct 8.

Overview:
The Asbru Software Web Content Editor allows for web-based advanced text processing, replacing the typical TEXTAREA input fields with a rich user interface, offering HTML editing capabilities, formatting and various other features. It integrates with Asbru Software's Content Management System, works with most modern browsers and comes in versions for ASP, ASP.NET, PHP, ColdFusion and JSP.

Description:
The spell checking feature uses ASpell, which is invoked through the respective language's process creation commands, such as proc_open() in PHP, Runtime's exec() method in JSP, shell.Run() in ASP and the like. All these invocations are prone to a command injection attack, since ASpell's dictionary argument is specified from a HTTP request parameter and the input is not sanitized. This leads to immediate shell command execution if an attacker carefully crafts this parameter's value. The vulnerability is only present if the spell checking capability is in use.

Solution:
AsbruSoft reacted very quickly. The vulnerability was reported on Oct 5 and a fix was created over the weekend, released on Oct 8. The updated version 6.0.22 is available from http://editor.asbrusoft.com/page.php/id=727

Credit:
Bug found by Jan Muenther of n.runs GmbH.

References:
None

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact security@nruns.com for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2006 n.runs GmbH. All rights reserved. Terms of apply.
Penetration Test
 

August 11, 2010:
Corporate News
n.runs publishes the half-year report 2010 which confirms the forecast for the total year 2010
+++ Revenues amounting to EUR 2.94 Million generated, exceeding the previous year’s level by about 9 %
+++ EBIT improves to EUR 0.1 Million (half-year 2009: EUR - 0.48 Million)
+++ Tight cost and liquidity management successfully carried out
+++ Focus on consulting as the core business induces high order entry and continuous acquisition of new customers

* * *



June 16, 2010:
Corporate News
n.runs publishes 2009 Annual Report with outlook to the business year 2010
+++ Revenues amounting to EUR 5.66 Million generated
+++ EBIT improves to EUR -0.32 Million (previous year: EUR - 0.80 Million)
+++ Tight cost and liquidity management successfully implemented
+++Outlook to Business Year 2010: Revenue: EUR 6.50 Million, EBIT EUR 0.40 Million

* * *



5. January 2010:
press release
German Consulting Specialist n.runs AG expands their portfolio with an “On Demand” Penetration Testing Platform in cooperation with Indian Supplier iViZ Security

* * *



11. December 2009:
Corporate News
New n.runs Supervisory Board Elected
+++ New Supervisory Board is confirmed at the 2009 Annual Shareholder Meeting
+++ Günther Paul Löw is chosen as the Chairman of the Supervisory Board
+++ Ralph-Peter Quetz is chosen as the Vice Chairman


* * *



4. September 2009:
Corporate News
n.runs publishes 2008 Annual Report
Revenues increase by 22 Percent to EUR 6,70 Million +++ EBIT improves by EUR 0,21 Million to EUR -0,80 Millionen +++ Concentration on profitable Consulting Business


* * *

27 February 2009:
Corporate News
n.runs makes capital increase placement
+++ Subscribed capital increased by 8.7 percent
+++ Funds inflow to be used for reorganization and further growth in consulting
+++ Spin-off of the software solution aps-AV® planned


* * *

17 Dec 2008:
Advisory: Opera HTML parsing flaw lead to remote code execution 

* * *

27 Oct 2008:
Advisory: Eaton MGE OPS Network Shutdown Moduleauthentication bypass and code execution

* * *

21 Oct 2008:
Advisory: Internet Explorer HTML Object Memory Corruption

* * *

30 September 2008:
Corporate News
Figures from the first half of 2008 confirm expansion
+++ Revenues increase by around 30 percent to EUR 3.32m EBITDA improved
+++ by EUR 0.27m to EUR -0.35m Profit impacted by software investments,
+++ consulting profitable Outlook 2008


* * *

17 Sep 2008:
Corporate News
Microsoft selects n.runs as a member of the new program Microsoft Secure Development Lifecycle Pro Network
+++ n.runs AG exclusive member of Microsoft SDL Pro Network
+++ Only member of the MS SDL Pro Network on the European mainland
+++ Medium-term contribution to revenues in excess of 10 percent planned
* * *

10 Sep 2008:
Advisory alert:
Cross-Site Scripting Filter Evasion in various frameworks

* * *

10 Sep 2008:
Advisory alert: 
Horde Framework Cross-Site Scripting in filename MIME attachments

* * *

26 Aug 2008:
Press-release
IT Security for Governments and Military Organizations:
n.runs and Thales Now Co-operating


* * *

25 Aug 2008:
Press-release
Growing threat:
serious attacks on E-Mail-/AV systems constantly increasing n.runs introduces aps-AV – Protective cover for antivirus software