|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2516 CVE : CVE-2007-1836 SecurityRisk : Medium  (About) Remote Exploit : No Local Exploit : Yes Exploit Available : Yes Credit : Elliot Kendall Published : 05.04.2007
Advisory Content : SUMMARY ======= An arbitrary command execution vulnerability exists in the command line administration interface of the software used by DataDomain appliances. An attacker who is able to access the administration interface could exploit this vulnerability to install malicious software and use the DataDomain appliance as a base from which to launch attacks on other systems. AFFECTED SOFTWARE ================= * Data Domain OS 3.0.0 through 4.0.3.5 * Possibly Data Domain OS 2.x and earlier UNAFFECTED ========== * Data Domain OS 4.0.3.6 and later IMPACT ====== An attacker who is able to access the administration interface could install malicious software and use the DataDomain appliance as a base from which to launch attacks on other systems. Because its owners may not view the DataDomain applicance as a general-purpose device, they may not suspect that it might be compromised. In that way the attacker might evade detection, even if other compromised systems are discovered and quarantined. DETAILS ======= Several of the commands presents in the DataDomain administrative are very simple wrappers around UNIX commands, including ping, ifconfig, date, netstat, uptime, etc. In several cases, the arguments to these commands are not sufficiently validated before they are passed to the UNIX shell for execution. By using specially crafted arguments, and attacker could inject shell special characters into the shell command line, leading to execution of arbitrary programs. SOLUTION ======== Upgrade to DataDomain OS 4.0.3.6 or later EXPLOIT ======= These command lines will launch an interactive UNIX shell: ifconfig eth0:;sh ping sh interface eth0:; ACKNOWLEDGMENTS =============== Thanks to DataDomain for fixing this issue quickly and their cooperation in the development of this advisory. REVISION HISTORY ================ 2007-03-28 original release -- Elliot Kendall <ekendall (at) brandeis (dot) edu [email concealed]> Network Security Architect Brandeis University  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |