exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Deutsche Telekom CERT Advisory DTC-A-20140820-001

Deutsche Telekom CERT Advisory DTC-A-20140820-001
Posted Aug 20, 2014
Authored by Deutsche Telekom CERT

check_mk versions prior to 1.2.4p4 and 1.2.5i4 suffer from code execution, write access, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
advisories | CVE-2014-5338, CVE-2014-5339, CVE-2014-5340
SHA-256 | a00c8d0fe4e508233a535d46e84394410ce2c44a02229119c8b053b43de0f949

Deutsche Telekom CERT Advisory DTC-A-20140820-001

Change Mirror Download
Deutsche Telekom CERT Advisory [DTC-A-20140820-001] 

Summary:
Several vulnerabilities were found in check_mk prior versions 1.2.4p4 and 1.2.5i4.
The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - write access to config files (.mk files)
3 - arbitrary code execution

Recommendations:
Install software release 1.2.4p4, 1.2.5i4 or later.

Homepage: http://mathias-kettner.de/check_mk.html

Details:
a) application
b) problem
c) CVSS
d) detailed description

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
a1) check_mk (git hash: 4b71709) [CVE-2014-5338]

b1) Reflected Cross-Site Scripting (XSS)

c1) CVSS 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C

d1) The check_mk application is susceptible to reflected XSS attacks. This is mainly the result of improper output encoding. Reflected XSS can be triggered by sending a malicious URL to a user of the check_mk application. Once the XSS attack is triggered, the attacker has access to the full check_mk (and nagios) application with the access rights of the logged in victim.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

a2) check_mk (git hash: 4b71709) [CVE-2014-5339]

b2) Write access to config (.mk) files in arbitrary places on the filesystem

c2) CVSS 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P

d2) The check_mk application does allow an attacker to write check_mk config files (.mk files) on arbitrary locations on the server filesystem

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

a3) check_mk (git hash: 4b71709) [CVE-2014-5340]

b3) Code executing due to insecure input handling

c3) CVSS 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

d3) The check_mk applications uses insecure API calls, which allow an attacker to execute arbitrary code on the server by issuing just a single URL. The reason for this is the usage of the insecure "pickle" API call.
Additionally, there are several locations in the code which allow calling this method without any CSRF tokens in place. This flaw can also be triggered as a non-admin user (for instance as a normal monitoring user, who only has limited capabilities in the application).


Deutsche Telekom Cyber Defense & CERT
Friedrich-Ebert-Allee 140, 53113 Bonn, Germany
+49 800 DTAG CERT (Tel.)
E-Mail: cert@telekom.de
Life is for sharing.

Deutsche Telekom AG
Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
Board of Management: Timotheus Höttges (Chairman),
Dr. Thomas Kremer, Reinhard Clemens, Niek Jan van Damme,
Thomas Dannenfeldt, Claudia Nemat, Prof. Dr. Marion Schick
Commercial register: Amtsgericht Bonn HRB 6794
Registered office: Bonn

Big changes start small – conserve resources by not printing every e-mail.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close