Date: Fri, 24 Jan 2014 12:28:04 +0100
From: Thomas Pollet <thomas.pollet@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: ADV: IBM QRadar SIEM

Hello,

Copy/paste from
http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html:

IBM QRadar SIEM CSRF - XSS - MITM - RCE
I have found that the IBM QRadar Security Intelligence Platform auto update
mechanism exposes a number of security bugs.

Web Interface Screenshot (/console/do/qradar/autoupdateConsole)
<http://4.bp.blogspot.com/-59tEPlAPaQM/UuJIL7p-oZI/AAAAAAAAAhw/Vz8iHxWG60M/s1600/qupdate.PNG>
   - The autoupdateConsole doesn't check for cross-site request forgery
   - Input to the autoupdateConsole proxyUsername field is not sanitized,
   therefore it is possible to inject HTML into the web interface
   - The autoupdate mechanism doesn't check SSL certificates before
   downloading the updates
   - The autoupdate mechanism downloads a file scripts/script_list which
   contains a list of files together with their hash. The autoupdate process
   then tries to verify the hash but, in doing so, it doesn't escape shell
   characters. This way it is possible to execute commands. For example, the
   appliance will reboot if the script_list contains an entry


372e25f23b5a8ae33c7ba203412ace30  $(reboot)

   - The autoupdate mechanism runs as root


Regards,
Thomas
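
As an added illustration (not part of Thomas's advisory and not IBM's code), the following verifier processes a script_list of the "<hash>  <name>" form described above without ever handing the entry name to a shell: hashes are computed in-process with hashlib, and names outside a strict allow-list (the $(reboot) entry, absolute paths, ".." components) are refused before any file is touched. The sample list, the scripts/empty.sh file and the temp directory layout are constructed for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path
# Constructed sample script_list in the "<md5>  <name>" form the advisory describes; the
# second entry mirrors its $(reboot) example, the third attempts traversal; both are refused.
SAMPLE_SCRIPT_LIST = """\
d41d8cd98f00b204e9800998ecf8427e  scripts/empty.sh
372e25f23b5a8ae33c7ba203412ace30  $(reboot)
9e107d9d372bb6826bd81d3542a419d6  ../../etc/passwd
"""
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9._/-]+$")  # allow-list: no shell metacharacters

def parse_script_list(text):
    """Return (status, digest, name) per entry; status is 'ok', 'rejected' or 'malformed'."""
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or not MD5_RE.match(parts[0]):
            entries.append(("malformed", None, line))
            continue
        digest, name = parts[0], parts[1].strip()
        # Refuse anything outside the allow-list, absolute paths and ".." components.
        if not SAFE_NAME_RE.match(name) or name.startswith("/") or ".." in name.split("/"):
            entries.append(("rejected", digest, name))
        else:
            entries.append(("ok", digest, name))
    return entries

def verify_entry(base_dir, digest, name):
    """Hash the file in-process with hashlib; the entry name never reaches a shell."""
    h = hashlib.md5()
    with open(Path(base_dir) / name, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest() == digest

def run_demo():
    """Create a temp tree holding an empty scripts/empty.sh, then process the sample list."""
    outcome = {}
    with tempfile.TemporaryDirectory() as base:
        target = Path(base) / "scripts" / "empty.sh"
        target.parent.mkdir(parents=True)
        target.write_bytes(b"")
        for status, digest, name in parse_script_list(SAMPLE_SCRIPT_LIST):
            if status != "ok":
                outcome[name] = status  # refused entries are never opened or hashed
            else:
                outcome[name] = "verified" if verify_entry(base, digest, name) else "mismatch"
    return outcome
```

The same in-process approach applies to whatever digest the real updater uses; the point is that the file name is data to be validated, not text to be interpolated into a command line.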
