exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Solarwinds Virtualization Manager 6.3.1 Java Deserialization

Solarwinds Virtualization Manager 6.3.1 Java Deserialization
Posted Jun 15, 2016
Authored by Nate Kettlewell

Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a java deserialization vulnerability.

tags | exploit, java
advisories | CVE-2016-3642
SHA-256 | f915b7c8e1490be3b5efefa54a6482a71e7b49a70921a15a16cb111dcf215ee6

Solarwinds Virtualization Manager 6.3.1 Java Deserialization

Change Mirror Download
Java Deserialization in Solarwinds Virtualization Manager 6.3.1

Product: Solarwinds Virtualization Manager
Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1

Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016

Vulnerability Type: Deserialization of Untrusted Data [CWE-502]
CVE Reference: CVE-2016-3642
Risk Level: High
CVSSv2 Base Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Solution Status: Solution Available

Discovered and Provided: Nate Kettlewell, Depth Security ( https://www.depthsecurity.com/ )

-----------------------------------------------------------------------------------------------

Advisory Details:

Depth Security discovered a vulnerability in Solarwinds Virtualization Manager Java RMI service. This attack does not require authentication of any kind.

1) Deserialization of Untrusted Data in Solarwinds Virtualization Manager: CVE-2016-3642

The vulnerability exists due to the deserialization of untrusted data in the RMI service running on port 1099/TCP.
A remote attacker can execute operating system commands as an unprivileged user.

-----------------------------------------------------------------------------------------------

Solution:

Solarwinds has released a hotfix to remediate this vulnerability on existing installations.

This flaw as well as several others have been corrected and that release has been put into manufacturing for new appliances.

-----------------------------------------------------------------------------------------------

Proof of Concept:

The following is an example of the usage of the "ysoserial" tool to execute operating system commands against the 10.10.10.10 host.

java -cp ysoserial-0.0.2-all.jar ysoserial.RMIRegistryExploit 10.10.10.10 1099 CommonsCollections1 'OS COMMANDS HERE'

-----------------------------------------------------------------------------------------------

References:

[1] Solarwinds Virtualization Manager- http://www.solarwinds.com/virtualization-manager - Solarwinds Virtualization Manager provides monitoring and remediation for virtualized environments.
[2] Common Weakness Enumeration (CWE) - http://cwe.mitre.org/ - Targeted to developers and security practitioners, CWE is a formal list of software weakness types.


Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close