0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Infoblox 6.8.2.11 - OS Command Injection / Weak MySQL Password Vulnerability
Author
Risk
[Security Risk High
]0day-ID
Category
Date add
CVE
Platform
Product: Network Automation, licensed as: • NetMRI • Switch Port Manager • Automation Change Manager • Security Device Controller Vendor: Infoblox Vulnerable Version(s): 6.4.X.X-6.8.4.X Tested Version: 6.8.2.11 Vendor Notification: May 12th, 2014 Vendor Patch Availability to Customers: May 16th, 2014 Public Disclosure: July 9th, 2014 Vulnerability Type: OS Command Injection [CWE-78] CVE Reference: CVE-2014-3418 Risk Level: High CVSSv2 Base Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Solution Status: Solution Available Discovered and Provided: Nate Kettlewell, Depth Security ( https://www.depthsecurity.com/ ) ------------------------------------------------------------------------ ----------------------- Advisory Details: Depth Security discovered a vulnerability in the Infoblox Network Automation management web interface. This attack does not require authentication of any kind. 1) OS Command Injection in Infoblox Network Automation Products: CVE-2014-3418 The vulnerability exists due to insufficient sanitization of user-supplied data in in skipjackUsername POST parameter. A remote attacker can inject operating system commands as the root user, and completely compromise the operating system. The following is the relevant portion of the multipart/form-data POST request to netmri/config/userAdmin/login.tdf Content-Disposition: form-data; name="skipjackUsername" admin`ping -n 20 127.0.0.1` Solution: Infoblox immediately released a hotfix to remediate this vulnerability on existing installations (v6.X-NETMRI-20710.gpg). The flaw was corrected in the 6.8.5 release (created expressly for dealing with this issue), and that release has been put into manufacturing for new appliances. ------------------------------------------------------------------------ ----------------------- 2) Weak password on local MySQL database: CVE-2014-3419 The vulnerability exists due to a weak password used for local MySQL access An authenticated user with shell access to the operating system can access the contents of any database in the local MySQL instance using the local MySQL client (“mysql –u root –p”) with the following credentials: Username: root Password: root Sensitive information such as SNMP community names and network device credentials are encrypted inside of the database. ------------------------------------------------------------------------ ----------------------- Solution: The vendor has released a hotfix to remediate this vulnerability on existing installations. The flaw was corrected in the 6.8.5 release. ------------------------------------------------------------------------ ----------------------- Proof of Concept: In addition to manual exploitation via the above mentioned vector, proof of concept is provided in the form of a module for the metasploit framework. https://github.com/depthsecurity/NetMRI-2014-3418 # 0day.today [2024-11-15] #