Secunia Security Advisory - Sam Johnston has reported some security issues in Enomaly ECP Community Edition, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
43f6e61881222e55b8ed4aa3c08712b066e6223b1bc071e64642f87b43f8bba1
----------------------------------------------------------------------
Public Beta of CSI and WSUS Integration
http://secunia.com/blog/74
----------------------------------------------------------------------
TITLE:
Enomaly ECP Community Edition "vmfeed" Module Multiple Security
Issues
SECUNIA ADVISORY ID:
SA38589
VERIFY ADVISORY:
http://secunia.com/advisories/38589/
DESCRIPTION:
Sam Johnston has reported some security issues in Enomaly ECP
Community Edition, which can be exploited by malicious people to
bypass certain security restrictions and compromise a vulnerable
system.
1) The "vmfeed" module contains a mechanism to execute python modules
from the vendor's web server. This can be exploited to execute
arbitrary code on a vulnerable system e.g. via a MitM
(Man-in-the-Middle) or DNS spoofing attack.
2) The "vmfeed" module does not properly verify the authenticity and
integrity of virtual machines downloaded via the VMcasting protocol,
which can be exploited to e.g. trick a user into installing malicious
virtual machines via a MitM (Man-in-the-Middle) or DNS spoofing
attack.
The security issues are reported in version 3.0.4. Other versions may
also be affected.
SOLUTION:
Do not use the VMcasting functionality. Use a firewall to restrict
access to http://enomaly.com/fileadmin/eggs/,
http://enomalism.com/vmcast_appliances.php, and
http://enomalism.com/vmcast_modules.php.
NOTE: The "Community Edition" is unsupported. Migrate to the
currently supported products offered by the vendor, which are
reportedly not affected.
Fixed in Enomaly ECP 3.0.4.2 provided by the OpenECP project.
http://sourceforge.net/projects/openecp/files/
PROVIDED AND/OR DISCOVERED BY:
Sam Johnston, Australian Online Solutions
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2010-02/0146.html
http://sourceforge.net/projects/openecp/files/enomaly-ecp/README.txt/view
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------