OPeNDAP BES Compressed Files Remote Command Execution Vulnerability

TITLE: OPeNDAP BES Compressed Files Remote Command Execution Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 18 2007 12:00AM
UPDATE: May 18 2007 10:18PM
CREDIT: NCIRT labs is credited with reporting this vulnerability.
VULNERABLE:

OPeNDAP Hyrax 1.2
OPeNDAP BES 3.4.2
+ OPeNDAP Hyrax 1.2

NOT VULNERABLE:

OPeNDAP Hyrax 1.2.1
OPeNDAP BES 3.5
+ OPeNDAP Hyrax 1.2.1

Vai alla pagina originale su Security Focus

Discussion

OPeNDAP BES is prone to a remote command-execution vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows attackers to execute arbitrary commands or to upload files, all in the context of the server.

A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.

This issue affects BES versions prior to 3.5.0.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

Solution

Solution:
The vendor has addressed this issue in OPeNDAP Server4 (Hyrax) version 1.2.1 and BES 3.5.0.


OPeNDAP BES 3.4.2

• OPeNDAP bes-3.5.0.tar.gz
  http://www.opendap.org/pub/source/bes-3.5.0.tar.gz

References

References:

• BES Software Download Page (OPeNDAP)
  
• Hyrax Download Page (OPeNDAP)
  
• OPeNDAP Home Page (OPeNDAP)
  
• OPeNDAP Security Messages (OPeNDAP)
  
• Vulnerability Note VU#659148 OPeNDAP arbitrary command execution vulnerability (US-CERT)
  

PhpLog