SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Arbitrary Command Execution in DataDomain Administrator Interface


Arrow  SecurityAlert : 2516
Arrow  CVE : CVE-2007-1836
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : No
Arrow  Local Exploit : Yes
Arrow  Exploit Available : Yes
Arrow  Credit : Elliot Kendall
Arrow  Published : 05.04.2007

Arrow  Affected Software : Data Domain OS 3.0.0 through 4.0.3.5
Possibly Data Domain OS 2.x and earlier



Arrow  Advisory Content :  

SUMMARY
=======

An arbitrary command execution vulnerability exists in the command line
administration interface of the software used by DataDomain appliances.
An attacker who is able to access the administration interface could
exploit this vulnerability to install malicious software and use the
DataDomain appliance as a base from which to launch attacks on other
systems.

AFFECTED SOFTWARE
=================

* Data Domain OS 3.0.0 through 4.0.3.5

* Possibly Data Domain OS 2.x and earlier

UNAFFECTED
==========

* Data Domain OS 4.0.3.6 and later

IMPACT
======

An attacker who is able to access the administration interface could
install malicious software and use the DataDomain appliance as a base
from which to launch attacks on other systems. Because its owners may
not view the DataDomain applicance as a general-purpose device, they
may not suspect that it might be compromised. In that way the attacker
might evade detection, even if other compromised systems are discovered
and quarantined.

DETAILS
=======

Several of the commands presents in the DataDomain administrative are
very simple wrappers around UNIX commands, including ping, ifconfig,
date, netstat, uptime, etc. In several cases, the arguments to these
commands are not sufficiently validated before they are passed to the
UNIX shell for execution. By using specially crafted arguments, and
attacker could inject shell special characters into the shell command
line, leading to execution of arbitrary programs.

SOLUTION
========

Upgrade to DataDomain OS 4.0.3.6 or later

EXPLOIT
=======

These command lines will launch an interactive UNIX shell:

ifconfig eth0:;sh
ping sh interface eth0:;

ACKNOWLEDGMENTS
===============

Thanks to DataDomain for fixing this issue quickly and their
cooperation in the development of this advisory.

REVISION HISTORY
================

2007-03-28 original release

--
Elliot Kendall <ekendall (at) brandeis (dot) edu [email concealed]>
Network Security Architect
Brandeis University





Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.