oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenFiler - Arbitrary Code Execution & Stored XSS

From: Dolev Farhi <dolevf87 () gmail com>
Date: Mon, 19 May 2014 10:48:17 +0300
Yes,

OpenFiler uses the 'openfiler' user account for its' web user interface,
and port 446 is open for the UI administration.

in general, logged on user doesn't have direct shell access and the
OpenFiler appliance does not provide with an interface

to interact directly with the shell. this makes the command execution
problematic in terms of security as it allows an attacker to run

system commands and read arbitrary system files via the host name change
box.

Regarding the XSS vulnerability; OpenFiler allows LDAP authentication and
not just local user accounts, this may cause privilege escalations once a
regular user adds a malicious shared device..








On Mon, May 19, 2014 at 6:46 AM, <cve-assign () mitre org> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can you provide more information about how these issues cross
privilege boundaries?

As far as the GUI is concerned, the 'root' account is just a normal





user. You need to log in as 'openfiler' to administer the system.

Maybe there's an argument that one only needs network connectivity to
TCP port 446 for the administrative web interface, but one needs
connectivity to TCP port 22 (maybe?) to login as root.

Also, http://www.exploit-db.com/exploits/33248/ seems to be about XSS
attacks conducted by the openfiler account against the openfiler
account.

The issues can have CVE IDs only if there's privilege escalation in a
realistic way.

- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTeX3gAAoJEKllVAevmvms9lsIALryes3uY6dITdbP/1R4ee/0
FGFDq0WH8VvEwSiNzqGyavupGeq0O0X0PEkOnb3mwAcBV38X4MU3K7zsSGaoWEEt
4X7o7VU7XhewwSO6t+LabaVZcu0Vk3Y5sSDuOUH2GxmvGQcJAFstQF5bVp4Jan8q
O4oz3T0ny9AX1rJhxcoII0ReatWsl5h7HrkskvS8DGwiqBlFAeUwQMr63gDYqCYK
nHLl1dmrl9EGwKTOVeZcjUdmV5ElZtw6oTSsXrMYZKU5aeBb16mD+LpmHUFzyT3j
oqoRdqUeZbxB8gxj2mVyp1n+7Pnt2vDvH5VE5+OADceaZV1pNDpoukVveWq34n4=
=3gFo
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: