Zenoss version 2.3.3 suffers from a remote SQL injection vulnerability.
8ae88b4d12441e5901a34796eae64264167b57c8699772ac793843d616c0949enGenuity Information Services -- Security Advisory
Advisory ID: NGENUITY-2010-001 - Zenoss getJSONEventsInfo SQL Injection
Application: Zenoss 2.3.3
Vendor: Zenoss
Vendor website: http://www.zenoss.com
Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)
Authentication: Valid user or admin session required
I. BACKGROUND
"Zenoss Core is an award-winning open source IT monitoring product that
effectively manages the configuration, health and performance of
networks, servers and applications through a single, integrated
software package." [1]
II. DETAILS
getJSONEventsInfo contains multiple SQL Injection vulnerabilities due to improperly
sanitized user provided input. The following URL parameters are injectable: severity,
state, filter, offset, and count.
Authentication as an admin or regular user is required for successful exploitation.
A proof of concept request might look like this
/zport/dmd/Events/getJSONEventsInfo?severity=1&state=1&filter=&
offset=0&count=60 into outfile "/tmp/z"
III. REFERENCES
[1] - http://www.zenoss.com
[2] - http://cwe.mitre.org/data/definitions/89.html
IV. VENDOR COMMUNICATION
3.10.2009 - Vulnerability Discovery
8.21.2009 - Requested status from vendor
9.29.2009 - Vendor call (Fix pending)
Copyright (c) 2009 nGenuity Information Services, LLC
http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed