what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Deutsche Telekom CERT Advisory DTC-A-20140820-001

Deutsche Telekom CERT Advisory DTC-A-20140820-001
Posted Aug 20, 2014
Authored by Deutsche Telekom CERT

check_mk versions prior to 1.2.4p4 and 1.2.5i4 suffer from code execution, write access, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
advisories | CVE-2014-5338, CVE-2014-5339, CVE-2014-5340
SHA-256 | a00c8d0fe4e508233a535d46e84394410ce2c44a02229119c8b053b43de0f949

Deutsche Telekom CERT Advisory DTC-A-20140820-001

Change Mirror Download
Deutsche Telekom CERT Advisory [DTC-A-20140820-001] 

Summary:
Several vulnerabilities were found in check_mk prior versions 1.2.4p4 and 1.2.5i4.
The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - write access to config files (.mk files)
3 - arbitrary code execution

Recommendations:
Install software release 1.2.4p4, 1.2.5i4 or later.

Homepage: http://mathias-kettner.de/check_mk.html

Details:
a) application
b) problem
c) CVSS
d) detailed description

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
a1) check_mk (git hash: 4b71709) [CVE-2014-5338]

b1) Reflected Cross-Site Scripting (XSS)

c1) CVSS 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C

d1) The check_mk application is susceptible to reflected XSS attacks. This is mainly the result of improper output encoding. Reflected XSS can be triggered by sending a malicious URL to a user of the check_mk application. Once the XSS attack is triggered, the attacker has access to the full check_mk (and nagios) application with the access rights of the logged in victim.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

a2) check_mk (git hash: 4b71709) [CVE-2014-5339]

b2) Write access to config (.mk) files in arbitrary places on the filesystem

c2) CVSS 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P

d2) The check_mk application does allow an attacker to write check_mk config files (.mk files) on arbitrary locations on the server filesystem

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

a3) check_mk (git hash: 4b71709) [CVE-2014-5340]

b3) Code executing due to insecure input handling

c3) CVSS 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

d3) The check_mk applications uses insecure API calls, which allow an attacker to execute arbitrary code on the server by issuing just a single URL. The reason for this is the usage of the insecure "pickle" API call.
Additionally, there are several locations in the code which allow calling this method without any CSRF tokens in place. This flaw can also be triggered as a non-admin user (for instance as a normal monitoring user, who only has limited capabilities in the application).


Deutsche Telekom Cyber Defense & CERT
Friedrich-Ebert-Allee 140, 53113 Bonn, Germany
+49 800 DTAG CERT (Tel.)
E-Mail: cert@telekom.de
Life is for sharing.

Deutsche Telekom AG
Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
Board of Management: Timotheus Höttges (Chairman),
Dr. Thomas Kremer, Reinhard Clemens, Niek Jan van Damme,
Thomas Dannenfeldt, Claudia Nemat, Prof. Dr. Marion Schick
Commercial register: Amtsgericht Bonn HRB 6794
Registered office: Bonn

Big changes start small – conserve resources by not printing every e-mail.
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close