Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16515
HistoryMar 29, 2007 - 12:00 a.m.

Arbitrary Command Execution in DataDomain Administrator Interface

2007-03-2900:00:00
vulners.com
20

SUMMARY

An arbitrary command execution vulnerability exists in the command line
administration interface of the software used by DataDomain appliances.
An attacker who is able to access the administration interface could
exploit this vulnerability to install malicious software and use the
DataDomain appliance as a base from which to launch attacks on other
systems.

AFFECTED SOFTWARE

  • Data Domain OS 3.0.0 through 4.0.3.5

  • Possibly Data Domain OS 2.x and earlier

UNAFFECTED

  • Data Domain OS 4.0.3.6 and later

IMPACT

An attacker who is able to access the administration interface could
install malicious software and use the DataDomain appliance as a base
from which to launch attacks on other systems. Because its owners may
not view the DataDomain applicance as a general-purpose device, they
may not suspect that it might be compromised. In that way the attacker
might evade detection, even if other compromised systems are discovered
and quarantined.

DETAILS

Several of the commands presents in the DataDomain administrative are
very simple wrappers around UNIX commands, including ping, ifconfig,
date, netstat, uptime, etc. In several cases, the arguments to these
commands are not sufficiently validated before they are passed to the
UNIX shell for execution. By using specially crafted arguments, and
attacker could inject shell special characters into the shell command
line, leading to execution of arbitrary programs.

SOLUTION

Upgrade to DataDomain OS 4.0.3.6 or later

EXPLOIT

These command lines will launch an interactive UNIX shell:

ifconfig eth0:\;sh
ping sh interface eth0:\;

ACKNOWLEDGMENTS

Thanks to DataDomain for fixing this issue quickly and their
cooperation in the development of this advisory.

REVISION HISTORY

2007-03-28 original release


Elliot Kendall <[email protected]>
Network Security Architect
Brandeis University

Trouble replying? See http://people.brandeis.edu/~ekendall/sign/