---------------------------------------------------------------------- Public Beta of CSI and WSUS Integration http://secunia.com/blog/74 ---------------------------------------------------------------------- TITLE: Enomaly ECP Community Edition "vmfeed" Module Multiple Security Issues SECUNIA ADVISORY ID: SA38589 VERIFY ADVISORY: http://secunia.com/advisories/38589/ DESCRIPTION: Sam Johnston has reported some security issues in Enomaly ECP Community Edition, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. 1) The "vmfeed" module contains a mechanism to execute python modules from the vendor's web server. This can be exploited to execute arbitrary code on a vulnerable system e.g. via a MitM (Man-in-the-Middle) or DNS spoofing attack. 2) The "vmfeed" module does not properly verify the authenticity and integrity of virtual machines downloaded via the VMcasting protocol, which can be exploited to e.g. trick a user into installing malicious virtual machines via a MitM (Man-in-the-Middle) or DNS spoofing attack. The security issues are reported in version 3.0.4. Other versions may also be affected. SOLUTION: Do not use the VMcasting functionality. Use a firewall to restrict access to http://enomaly.com/fileadmin/eggs/, http://enomalism.com/vmcast_appliances.php, and http://enomalism.com/vmcast_modules.php. NOTE: The "Community Edition" is unsupported. Migrate to the currently supported products offered by the vendor, which are reportedly not affected. Fixed in Enomaly ECP 3.0.4.2 provided by the OpenECP project. http://sourceforge.net/projects/openecp/files/ PROVIDED AND/OR DISCOVERED BY: Sam Johnston, Australian Online Solutions ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-02/0146.html http://sourceforge.net/projects/openecp/files/enomaly-ecp/README.txt/view ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------