lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 19 Apr 2007 15:59:25 +0200
From: <rashbi@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: bugtraq@...urityfocus.com
Subject: Re: ZDI-07-020: BMC Performance Manager SNMP
	Command Execution Vulnerability


> BMC has provided the following statement: "[This issue] has been 
> found not to be a security vulnerability; when properly 
configured 
> (as described for our customers in our documentation and in our 
> online knowledge base) this attack is not possible."

Anybody with some experience on BMC Patrol products know that 
security levels 1 to 4 are rarely used, because of the 
configuration and management overhead.

Furthermore, level 0 (the default one) isn't imho the only security 
level impacted by this vulnerability (which is an anonymous r/w 
access to the SNMP configuration, including full paths to 
binaries), given that level 1 use anonymous SSL and that level 2 
use SSL with unverified client certificate. Levels 1 and 2 will 
just help an attacker to bypass your NIDS.

Interested people can have a look to the "Patrol Security User 
Guide" 
(http://www.bmc.com/supportu/documents/73/44/17344/17344.pdf) for 
additional details.

Conclusion : pconfig/xpconfig/wpconfig or any similar custom script 
can be used to hack any default install of Patrol BMC but it "has 
been found not to be a security vulnerability". How sad :-(

-- 
Rashbi

--
Click to find local singles for dating, romance and fun
http://tagline.hushmail.com/fc/CAaCXv1Va9LKiVtoaSprUASsXo9Otqwh/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ