SECURITYVULNS:DOC:30750
May 15, 2014

[oss-security] OpenFiler - Arbitrary Code Execution & Stored XSS


hi,

Multiple vulnerabilities were discovered in the latest version of OpenFiler
appliance, 2.99.1 as reported
here <https://forums.openfiler.com/index.php?/topic/6720-arbitrary-code-execution-stored-xss-vulnerability-in-openfiler-latest-version-2991/>,
here <http://www.exploit-db.com/exploits/33247> and
here <http://www.exploit-db.com/exploits/33248>.
OpenFiler is a FreeNAS appliance equivalent.

  • Vulnerability 1
    OpenFiler is vulnerable to an arbitrary code execution attack by not
    validating the hostname input. This vulnerability allows an attacker to
    execute any system shell command with root user privileges.

    Proof of concept:
    i. Log in with any available user
    ii. Change the hostname value to `cat /etc/passwd`
    iii. Submit

    Refreshing the screen / reloading the page results in the passwd content
    appearing in the OpenFiler system hostname value.

  • Vulnerability 2
    Multiple stored XSS vulnerabilities were found in OpenFiler. By creating a
    volume group or a network access configuration with malicious code, e.g.
    <script>alert("css")</script>, any user attempt to create, view or modify
    volume shares executes the attack.

Proof of concept vids

  1. Link 1 <http://research.openflare.org/poc/openfiler/codexec.mp4>
  2. Link 2 <http://research.openflare.org/poc/openfiler/xss.mp4>

Can CVEs please be assigned to these issues?

Tx
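
An added example, not OpenFiler's code or part of the original post: the two input-handling checks whose absence the report describes, an allow-list for the hostname before it reaches any system command, and output encoding for stored names such as volume groups. The function names and the `hostname` command invocation are assumptions made for illustration.

```python
import html
import re

# One RFC 1123 label: letters, digits and hyphens, 1-63 characters,
# never starting or ending with a hyphen.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_valid_hostname(value: str) -> bool:
    """Allow-list check: every dot-separated label must match _LABEL."""
    if not value or len(value) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def hostname_argv(value: str) -> list[str]:
    """Return an argument vector for setting the hostname.

    The value is validated first and is then handed over as a single argv
    element, e.g. subprocess.run(argv, check=True) without shell=True, so
    backticks, `$()`, `;` and similar are never interpreted by a shell.
    The command name "hostname" is an assumption for this example.
    """
    if not is_valid_hostname(value):
        raise ValueError("rejected hostname: not an RFC 1123 name")
    return ["hostname", value]


def render_name(stored_value: str) -> str:
    """Encode a stored name (volume group, network entry) for HTML output."""
    return html.escape(stored_value, quote=True)


if __name__ == "__main__":
    # Constructed inputs, including the two values quoted in the report.
    for candidate in ["filer01.example.com", "`cat /etc/passwd`", "-bad"]:
        print(repr(candidate), is_valid_hostname(candidate))
    print(render_name('<script>alert("css")</script>'))
```

Validation on input and encoding on output are both needed: the first keeps the value out of the shell, the second keeps already-stored values from running in another user's browser.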