exploit the possibilities

MagniComp SysInfo Information Exposure

MagniComp SysInfo Information Exposure
Posted May 18, 2018
Authored by Harry Sintonen

MagniComp SysInfo contains an information exposure vulnerability through debug functionality.

tags | advisory
advisories | CVE-2018-7268
MD5 | 3224c8cead424f2b911c426520c8d444

MagniComp SysInfo Information Exposure

Change Mirror Download
MagniComp SysInfo Information Exposure [CVE-2018-7268]
======================================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt


Overview
--------

MagniComp SysInfo contains a information exposure vulnerability through debug
functionality.


Description
-----------

Due to a combination of setuid binary and verbose debugging, MagniComp SysInfo can be
used to read any file on the system owned by root (uid 0).


Impact
------

A local unprivileged user is able to read any root (uid 0) owned file on the system,
regardless of the file permissions. Confidential information such as password hashes
(/etc/shadow) or other secrets (such as log files, private keys) can be leaked to
the attacker. The vulnerability has a confidentiality impact, but has no direct impact
on system integrity or availability.


Details
-------

[Full details of the vulnerability will be released on 2018.06.18.]


Vulnerabilities
---------------

[Full details of the vulnerability will be released on 2018.06.18.]


Vulnerable versions
-------------------

The following SysInfo versions are confirmed vulnerable:

- Linux/Unix/Mac SysInfo versions up and including 10.0 (H80)

Notably MagniComp SysInfo is bundled with the BMC BladeLogic Automation product. With
BMC BladeLogic installations the tool can be found from the following location:
/opt/bmc/bladelogic/RSCD/nativetool/bin


Mitigation
----------

1. Upgrade to SysInfo 10-H81 or later


Similar or prior work
---------------------

1. Unrelated earlier privilege escalation vulnerability CVE-2017-6516 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6516


Credits
-------

The vulnerability was discovered by Harry Sintonen / F-Secure Corporation.


Timeline
--------

2018.02.13 discovered the vulnerability
2018.02.14 wrote a preliminary advisory
2018.02.14 contacted MagniComp at info@magnicomp.com requesting security contact
2018.02.14 sent vulnerability details to CERT-FI vulncoord
2018.02.15 sent vulnerability details to MagniComp security contact
2018.02.16 MagniComp acknowledged the vulnerability
2018.02.20 requested CVE ID from MITRE
2018.02.21 CVE-2018-7268 assigned by MITRE
2018.02.22 MagniComp released SysInfo 10-H81 fixing the vulnerability. however,
due to extensive OEM bundling the embargo is extended
2018.05.18 public disclosure of the redacted advisory

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

January 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    15 Files
  • 2
    Jan 2nd
    15 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    1 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    24 Files
  • 8
    Jan 8th
    15 Files
  • 9
    Jan 9th
    16 Files
  • 10
    Jan 10th
    23 Files
  • 11
    Jan 11th
    17 Files
  • 12
    Jan 12th
    3 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    33 Files
  • 16
    Jan 16th
    23 Files
  • 17
    Jan 17th
    29 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close