BMC BladeLogic Server Automation For Linux 8.7 Directory Dump

2016.09.07
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-287


Ogólna skala CVSS: 7.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

Title: Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation Affected Software: BMC BladeLogic Server Automation for Linux <= 8.7 CVSSv2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Reference: CVE-2016-4322 Author: FranASSois Goichon of Context Information Security 1. Product Information =========================== BMC BladeLogic Server Automation (BSA) is an enterprise management solution, which allows its customers to quickly and securely provision, configure, patch, and maintain physical, virtual, and cloud servers. It is available for Linux and Windows and runs as a privileged network daemon on the supervised servers. For more information, please refer to http://www.bmcsoftware.com.au/it-solutions/bladelogic-server-automation.html 2. Vulnerability Summary =========================== A logic flaw in the authentication process of BSA's network daemon (rscd) could allow a remote attacker to execute several commands without providing a valid client certificate or valid credentials. Amongst the affected commands, the REMOTE_COPY_DIRECTORY feature performs a recursive dump of an arbitrary directory, with the daemon's privileges (root). This could allow an attacker to retrieve any file from the remote system, e.g. /etc/shadow. 3. Remediation Steps =========================== It is recommended to upgrade your BSA <= 8.7 for Linux installation by performing one of the following: - Apply BSA 8.7 Patch 3 - Upgrade to BSA >= 8.8 These downloads are available on BMC's Electronic Product Distribution website at http://www.bmc.com/available/epd.html 4. Disclosure Timeline =========================== 02/04/2016: Vendor notified 05/04/2016: Vulnerability confirmed 06/05/2016: Fix available for BSA 8.7 14/06/2016: BSA 8.8, containing a fix for CVE-2016-4322, is released 05/09/2016: Coordinated public disclosure


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top