Информационная безопасность
[RU] switch to English


Дополнительная информация

  Уязвимости безопасности в EMC Data Protection Advisor / Connectrix Manager

  ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities

  ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability

From:rgod <nospam_(at)_gmail.it>
Date:8 января 2014 г.
Subject:EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution



EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution

tested against: Microsoft Windows Server 2008 r2 sp1
               EMC Data Protection Advisor 5.8 sp5

vulnerability:
the "DPA Illuminator" service (DPA_Illuminator.exe) listening
on public port 8090 (tcp/http) and 8453 (tcp/https) is vulnerable.
It exposes the following servlet:

http://[host]:8090/invoker/EJBInvokerServlet
https://[host]:8453//invoker/EJBInvokerServlet

due to a bundled invoker.war
The result is remote code execution with NT AUTHORITY\SYSTEM
privileges.

proof of concept url:
http://retrogod.altervista.org/9sg_ejb.html

~rgod~

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород