BugTraq
Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation Sep 04 2016 11:49PM
ZeroDay (zeroday contextis co uk)
Title: Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation
Affected Software: BMC BladeLogic Server Automation for Linux <= 8.7
CVSSv2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Reference: CVE-2016-4322
Author: François Goichon of Context Information Security

1. Product Information
===========================
BMC BladeLogic Server Automation (BSA) is an enterprise management solution, which allows its customers to quickly and securely provision, configure, patch, and maintain physical, virtual, and cloud servers.
It is available for Linux and Windows and runs as a privileged network daemon on the supervised servers.
For more information, please refer to http://www.bmcsoftware.com.au/it-solutions/bladelogic-server-automation.
html

2. Vulnerability Summary
===========================
A logic flaw in the authentication process of BSA's network daemon (rscd) could allow a remote attacker to execute several commands without providing a valid client certificate or valid credentials.
Amongst the affected commands, the REMOTE_COPY_DIRECTORY feature performs a recursive dump of an arbitrary directory, with the daemon's privileges (root).
This could allow an attacker to retrieve any file from the remote system, e.g. /etc/shadow.

3. Remediation Steps
===========================
It is recommended to upgrade your BSA <= 8.7 for Linux installation by performing one of the following:
- Apply BSA 8.7 Patch 3
- Upgrade to BSA >= 8.8
These downloads are available on BMC's Electronic Product Distribution website at http://www.bmc.com/available/epd.html

4. Disclosure Timeline
===========================
02/04/2016: Vendor notified
05/04/2016: Vulnerability confirmed
06/05/2016: Fix available for BSA 8.7
14/06/2016: BSA 8.8, containing a fix for CVE-2016-4322, is released
05/09/2016: Coordinated public disclosure

Security Research - Context Information Security
[Context Logo email]<http://www.contextis.com/>
www.contextis.com<http://www.contextis.com/> [Twitter-logo-bw-24x24] <https://twitter.com/CTXIS> [LinkedIn-logo-bw-24x24] <http://www.linkedin.com/company/context-information-security?trk=biz-co
mpanies-cym>
ABN: 73 148 201 727 | Certified to ISO/IEC 27001:2013 (BSI Certificate IS 553326) and ISO 9001:2008 (BSI Certificate FS 581360)
________________________________
The information contained in this email and any attachments may be legally privileged and confidential. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you are not the intended recipient please contact us immediately. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company.
________________________________

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Lucida Sans";
panose-1:2 11 6 2 3 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Title:        
                          
    Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation<o:p></o:p></p>
<p class="MsoNormal">Affected Software:         BMC BladeLogic Server Automation for Linux &lt;= 8.7<o:p></o:p></p>
<p class="MsoNormal">CVSSv2 Base Score:         7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)<o:p></o:p></p>
<p class="MsoNormal">Reference:       &n
bsp;               
  CVE-2016-4322<o:p></o:p></p>
<p class="MsoNormal">Author:        
;                  
      François Goichon of Context Information Security<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">1. Product Information<o:p></o:p></p>
<p class="MsoNormal">===========================<o:p></o:p></p>
<p class="MsoNormal">BMC BladeLogic Server Automation (BSA) is an enterprise management solution, which allows its customers to quickly and securely provision, configure, patch, and maintain physical, virtual, and cloud servers.
<o:p></o:p></p>
<p class="MsoNormal">It is available for Linux and Windows and runs as a privileged network daemon on the supervised servers.<o:p></o:p></p>
<p class="MsoNormal">For more information, please refer to http://www.bmcsoftware.com.au/it-solutions/bladelogic-server-automation.
html<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2. Vulnerability Summary<o:p></o:p></p>
<p class="MsoNormal">===========================<o:p></o:p></p>
<p class="MsoNormal">A logic flaw in the authentication process of BSA's network daemon (rscd) could allow a remote attacker to execute several commands without providing a valid client certificate or valid credentials.
<o:p></o:p></p>
<p class="MsoNormal">Amongst the affected commands, the REMOTE_COPY_DIRECTORY feature performs a recursive dump of an arbitrary directory, with the daemon's privileges (root).<o:p></o:p></p>
<p class="MsoNormal">This could allow an attacker to retrieve any file from the remote system, e.g. /etc/shadow.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">3. Remediation Steps<o:p></o:p></p>
<p class="MsoNormal">===========================<o:p></o:p></p>
<p class="MsoNormal">It is recommended to upgrade your BSA &lt;= 8.7 for Linux installation by performing one of the following:<o:p></o:p></p>
<p class="MsoNormal">- Apply BSA 8.7 Patch 3<o:p></o:p></p>
<p class="MsoNormal">- Upgrade to BSA &gt;= 8.8<o:p></o:p></p>
<p class="MsoNormal">These downloads are available on BMC's Electronic Product Distribution website at http://www.bmc.com/available/epd.html<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">4. Disclosure Timeline<o:p></o:p></p>
<p class="MsoNormal">===========================<o:p></o:p></p>
<p class="MsoNormal">02/04/2016: Vendor notified<o:p></o:p></p>
<p class="MsoNormal">05/04/2016: Vulnerability confirmed<o:p></o:p></p>
<p class="MsoNormal">06/05/2016: Fix available for BSA 8.7<o:p></o:p></p>
<p class="MsoNormal">14/06/2016: BSA 8.8, containing a fix for CVE-2016-4322, is released<o:p></o:p></p>
<p class="MsoNormal">05/09/2016: Coordinated public disclosure<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><span lang="EN-US" style="font-size:10.0pt;line-height:115%;font-family:"Lucida Sans","sans-serif";color:#4D4D4F;mso-fareast-language:EN-
GB">Security Research - Context Information Security</span><span lang="EN-AU" style="mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><a href="http://www.contextis.com/"><span style="color:blue;mso-fareast-language:EN-GB;text-decoration:none"><img border="0" width="192" height="48" id="Picture_x0020_1" src="cid:image001.png (at) 01D2075A (dot) 09B3 [email concealed]91E0" alt="Context Logo email"></span></a><span lang="EN-AU" style="mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="color:#1F497D;mso-fareast-language:EN-GB"><a href="http://www.contextis.com/"><span lang="EN-US" style="font-size:10.0pt;font-family:"Lucida Sans","sans-serif";color:#4D4D4F">www.contextis.com</span
></a></span><span style="font-size:10.0pt;font-family:"Lucida Sans","sans-serif";color:#4D4D4F;mso-fareast-language:EN-
GB">
</span><a href="https://twitter.com/CTXIS"><span style="color:blue;mso-fareast-language:EN-GB;text-decoration:none"><img border="0" width="24" height="24" id="Picture_x0020_2" src="cid:image002.gif (at) 01D2075A (dot) 09B3 [email concealed]91E0" alt="Twitter-logo-bw-24x24"></span></a><span style="font-size:10.0pt;font-family:"Lucida Sans","sans-serif";color:#4D4D4F;mso-fareast-language:EN-
GB"> </span><a href="http://www.linkedin.com/company/context-information-security?trk=b
iz-companies-cym"><span style="color:blue;mso-fareast-language:EN-GB;text-decoration:none"><img border="0" width="24" height="24" id="Picture_x0020_3" src="cid:image003.gif (at) 01D2075A (dot) 09B3 [email concealed]91E0" alt="LinkedIn-logo-bw-24x24"></span></a><span lang="EN-AU" style="mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Lucida Sans","sans-serif";color:#4D4D4F;mso-fareast-language:EN-
GB">ABN: 73 148 201 727</span><span style="font-size:10.0pt;font-family:"Lucida Sans","sans-serif";color:#4D4D4F;mso-fareast-language:EN-
GB">
| Certified to ISO/IEC 27001:2013 (BSI Certificate IS 553326) and ISO 9001:2008 (BSI Certificate FS 581360)</span><span lang="EN-AU" style="mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="EN-US" style="font-size:10.0pt;font-family:"Lucida Sans","sans-serif";color:#4D4D4F;mso-fareast-language:EN-
GB">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Lucida Sans","sans-serif";color:#4D4D4F;mso-fareast-language:EN-
GB">The information contained in this email and any attachments may be legally privileged and confidential. If you
are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you are not the intended recipient please contact us immediately. Any views
or opinions presented in this email are solely those of the author and do not necessarily represent those of the company.</span></i><span lang="EN-AU" style="mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="EN-US" style="font-size:10.0pt;font-family:"Lucida Sans","sans-serif";color:#A7A9AC;mso-fareast-language:EN-
GB">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>
?PNG



IHDRÀ0È,âIsRGB®ÎégAMA± üa pHYsÃÃÇo¨d IDATx^í[ ?TÅæw ?à£#?Ý屸¼XqY?å¡V"?$1¢¨e???J¢)EA?±ÔXjL"?ÁTHÀ%IQP£?¼Ù¹?Ù?Ùym¾
î>·oϝ;¯½CÂ.÷«S³³Ýçt?îþút÷í;?z92§Î?;î
©
®­?ÔÔéuS¿{G?ù ¾åEµ²f?2.Ud¾9­×O???­¡?òÀ?:tX«
ã.¥åÕ?î?=#jºLC @?!P}!(sæ?VgðbH|ûkTÛe?þN?ÑGN?WL ó¶»?eWM"6|?6b?v?7ùödVf
ù???þúU8ÐÑÿtê?>ªY:\1BWÔc?aÙ¨5çÞ?ՍÌÙó^åü??Ýûȧ?:?vU8ÐqùH¶6?Þ·??
=#íî
EÉ fìÉm?1ÐqY(rï(Ù3²á¨]òàË?@[w¨
ÏF¢?q©?`}ô épdÙZÊ(e(?Î?#½? ý[¼³6sâ???Yz<²YL)§¡%ِNjyÈ?>Kj¨íµ?ï8§Ø%he¨??»ÐýØSjÃÓ?Å.U?³ô%H
òåB?ÔrNÎÆôOIôô¨½?ÅÑR?úû!]9E?®`?\ÈÆ
¥ ?Üû?X?bO<KIe oJ;aÎZL{27AVø;«³?I¹èÙµG»~?¨Ñaéú¸9©C?É@Ùv?°Â'HÁHG:×
+*?÷?1u~úè?ÂJ$ÃVëðUÛ>Qû?? ?óÄèºGÈÌzXÁ??*"]o??:øO2°ºr j4Û:AqJrn_?B?¦yÙî?HLüæ¢:ùI°½?"L\¡ms%Ðþ¢ãð½ÿQJ-?@eî0?ô1-¬.ô»
U¬D}rk~DLüú­ÐÐQ¶r¾°1Æ?>?Cbæø7df!ñò?¶æz¤³Ãs?¬WTAb­~:?0Xc¿5Ñ6/,h]÷C
?Gâ·ït
°?]Åê
møøôç_??^Û$ªn.Ä!ôª6ªYnÞt?$PÏÛïÚU?aâ?EîqN ¹ïCd¡ïD3b??§?¢¨4aÙÂù?Í`VK6Å<G¸ÆäV5¥><:Rô5sÕa±©Àr»?ÆÚOÆéO???©üæ
ôÝò?1Û"7kåb?Æbt?Y©_Ô¶`nø?°Rÿ8?(Bj¬Ø ?«.b?9f?Ñ?Sd]Æ?V~)ÃX®7´0?
q5s?B ßï???V-D?¸bPüùWH?{)ù·(YVJÁº -äÍS» *%PôÞG?¦ÕúØ?Â?Ñ!©«?«j?ïDÆ??³?!rá$V£ea?yËB}â\jJÔ"ò?1&t
Ã$«æ?øÔ®Û½ññئͱ?>¾???±BÃKéÀ?QAi¨Å?¹H=Ñ0O¦µçx2½=þô¯??Y >A£¥ÃV?Ìè0&ÝBÔ:³?1[v;-[?5~?J¯¬¦cÍbôµlÙ +?¹É¿¾?YMm¡¡£Y9\ÐɬRÕ?æÂÄtV©}ºb¤¬Ûôå@eÊd°w?Ê?4X¶)KA¶KÓ¬?"ñ
úÛ?Ê!m!??¤Ô\d£Ýl?e©a3?}%å  IA êyw/i 3Ì?ÄÊÕ?æQ????ñêì7ßE©¹À6Ù?·Ljê7ÎR÷ÂæM·ÊXnãl?p\p4Go¼)«´WÂë1?
þ?BrÏ~ÌE?ἦXÑK./2&Üì~Øáý$ÞØIÿ[¶?ôÝæl2$²??9;ek$??Ūa£oý?²9g/?:
Æ?y8=Q??
dkF¾ÿ ¥:L??¬b?;Ws?)Þ(?a cj;N Fs[.Xìak·9¯§i²ÉÅÿ?@@ú?¯BWA¬sùºÞýð&ÊË?J 4 2?S伍.£o
??LWXA {$?¨¦N»ºA?ò,?@XAH§Zâ» vtÍC??,rS¨Í!C*E½ÇVg¾?»®?ͱx!¶ÍZ ÏI9U"P:?üà ?9ö?ç
Ê?Û"«Ö3^?ʸs±§Ü÷Ô?"PQ¹BÚ¢££¸­D?E?1?Ü}?e(pKX"èO?ëðß!?
vàwD sÉJ¦ ïÙwväÄÆ?4
 :?¬}?ûZT??Õ.¬mØ??BTü¿Ä"P_ ¤É?x÷´¨8?z?ëX²<q?@Ì?Î5LGP 6|Ûê?O=(??®}XÚ÷AÌy˨0ý:AÊ"P5#P¹R(
 ØëÇs#Wx%P|ûkÌ´µ?ëpÂ?!*ñÒëT??@BÊ'VÛd¶/7Ûî(.??ë]w`ïC{±CW?;VÙýx%
{|'3¤{?Ø?ã[¶;å?íñ­;"«P÷@øßö2????·?v?Mîjl¢Ñ®HU?°²7Ñl¹YuR°â??û?^°?

c48h´,$ðJ ÔÊöí\?¿Î?þì öØTx_µÝ§¼<\¼ä:¥¤mÿ@???ê?TJ>Dv"?DdB ò¶À~,ÎÿÕ§·Yõ¼HZB?¼Î?üË~?l?÷ ?så¹Á
?Ê?¿`4/Hìp.?Òr\6I?$½?.?@åD pÁ???; >â?|w]Øí){.%ððªeaúðQzÀ((¨5
[??ù(ÒÙç×9Ðk?:|?=?¶?ÚUBü?ò
g «@Ú?ÇE?Ø£
7P`ü?W)?Cú?/áå? Ô\°áoY(?`J&)/?@`aµ?°ô?_S??÷5?ó?Sª©Tdù=ì~pp0ò½
?hÁ¼ùvYÁ;Ó¥!!G¾*Ï?(÷I´Ù±?2ÊCé×92ÇOÒ¾ÅvÛ×½ñç?W?E Þ^¬? ]B
êõÓ?¦6¬?´i×6Q¸Zrß2îíEÇ??Ø=ÌÇÏq?ëMm8¿°9ʯÒP(KÆÕZÂè??{ÈdèH}Z»íÌäVµ+
Ì??Hë덳]Z}#¿æCùNtýÉX½ cYA£©UxÌÛªBÑź ?@°g7?¼p.A½½§úàrc#QÆëû°\
r¢Ü·?s"P¯s(3£k݁³©c?USÑ5êêúècö.?qæ'û¢?ÃfËÙþ\=Æñ?Vµ6Ѭ!ãæÃ|ØrÚ?
NVoãÆÆ???s¸ÍSD ü&{H}ú ûdN·ñü4cL_ b
´Qüã?c]sÝHu?±Uꐨ>?¤ç?Ò(¹?m@ì)|wá@¥Àéa? "«S¬D£¹?l$ÞØfß*» ïkLôà?ü·gª?ôg?ó7uHÍ!?-ZÏÎ???YD®?YÃ?8/§ÿs?Ì8D-`Ö03sú,¥æ½ª5´0?@Êë
D7<ÊæSséyRrCÚûË:*¶ùJ*} 9qÊh]?9Çf?b.½¹s]¡3Er÷>LJZpÝ%¨O?þä(Hu¼ë
û?¹á?ìPíê5&Þ"uôÑ3\  N`yrõ$?÷Òb<Û??@?'"vêç¦>þ7XÀ?A???îrÝ2J ?·®B!Æ?Ö?G¹Þ^?#±?¤á?ÒêúF ?púuuÛ[ÙpÄaeK?çú? |.©? dë> ä(K)Tr·Ý?^$d
ÓY{Ñ'?"|ô#än¢«ú»0Y,£O 
þËTk¤ÍÙK²?Î~_âQÎ]èÙµ??ågf×{?kiÿÏÏ8Ú5
¡áã5/rÝxíú l¬?¤2§ÎP?>±÷GÚ"/?Ä_y?jó1àÀ^(K>ª?^ôôÛGñâWf>ú;èDöãÅ¥k´«س¸ªÈ?c
ô±3{þ´[?ïc ¢??ê}øÈ?O ?àÈ?'øòá >|x?O ?àÈ?'øòá >|x?O ?àÈ?'øòá >|x@oïÚ¸>?T?IEND®B`?GIF89aæ??? ^^^ìììÉÉÉýýý???000®¯®kk
kqqqùúúpppKKK???npoccc½½½ÞÞÞtvvwwwsuu¡¢¢ððð\\\²³³   èèèööö???ããäÛÚÚøø
ø___úúúeee"""ÉÊÊ©©©ßßßþÿÿsts888+++ÀÀÀïðï676???´´´???yyy rrråååÜÜÜõöõÙÚÚGGGÙÙÙ???ïïï]]]ÓÓÓmmmhhh³´³jjjPPPaaaYZZMMMýþý???¾¿¿???
,,,¼¼¼555ÖÖÖ¥¥¥;<;ûûûÿÿÿ!ÿ XMP DataXMP<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:E22497679A2411E38D68C6D3086BEF10" xmpMM:DocumentID="xmp.did:E22497689A2411E38D68C6D3086BEF10"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E22497659A2411E38D68C6D3086BEF10" stRef:documentID="xmp.did:E22497669A2411E38D68C6D3086BEF10"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>ÿþýüûúùø÷öõôóòñðïîíìëêéèçæåäãâáàßÞÝÜÛÚÙØ×ÖÕÔÓÒÑÐÏÎÍÌËÊÉÈÇÆÅÄÃÂ
ÁÀ¿¾½¼»º¹¸·¶µ´³²±°¯®­¬«ª©¨§¦¥¤£¢¡ ???????????????????????????~}|{z
yxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:98765432
10/.-,+*)('&%$#"! 

!ù,¼?_????????????ZOJ?#?9?'^^VE\=-?!^??­^.I?Y?
0®)*? ?GFª2»^;@??4­
5È» ?R[ÉÜA?7^8ÜÉ(?"ãÉ+?3é­T?Xï ?PNö:>?,ªØ?¢¨@ü?5ad ?d%HÚàa
ÜHÔåÊ?ÉL4Òè? 8 ?H£?0cÊD;GIF89aæ&&&ÄÄÄ???øøøüüü===---???ÇÇÇyyywwwbbbAAA,,,///÷÷
÷gggûûûÅÅÅ~~~¢¢¢ÑÑÑxxxõõõôôôGGG(((£££¿¿¿¤¤¤555\\\CCC???lll³³³vvvÃÃ
ÃÓÓÓ___þþþDDD888$$$???^^^ÐÐÐ µµµïïïÆÆÆccchhh000@@@ tttppp...EEE333???

½½½´´´úúú%%%```???dddaaa>>>ÿÿÿ!ÿ XMP DataXMP<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:EA0EFD379A2411E3B021A33DB0DAF0D8" xmpMM:DocumentID="xmp.did:EA0EFD389A2411E3B021A33DB0DAF0D8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EA0EFD359A2411E3B021A33DB0DAF0D8" stRef:documentID="xmp.did:EA0EFD369A2411E3B021A33DB0DAF0D8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>ÿþýüûúùø÷öõôóòñðïîíìëêéèçæåäãâáàßÞÝÜÛÚÙØ×ÖÕÔÓÒÑÐÏÎÍÌËÊÉÈÇÆÅÄÃÂ
ÁÀ¿¾½¼»º¹¸·¶µ´³²±°¯®­¬«ª©¨§¦¥¤£¢¡ ???????????????????????????~}|{z
yxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:98765432
10/.-,+*)('&%$#"! 

!ù,÷?T?????????9% P? <J?AS??????£@?*?DE>¤??Q?T­?
R°??·?¹?±S67¿SÁ?Ã?N.H-02SF,
?ËTÃL8OSI(?KG¸ºST1S?? ÀëTSTf4ä?0Mùöõ£rA?T0d?P?45 @EÁDnúCà£Geø,.$9Å?ɏÃ8²U?J
M=UøØD?! <???¦'¼ÐôjÐ?d??
2µÓBDHÙʵ+× pTD¶¬ÙA;<html><head><meta charset="windows-1252"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">Title: Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation
Affected Software: BMC BladeLogic Server Automation for Linux <= 8.7
CVSSv2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Reference: CVE-2016-4322
Author: François Goichon of Context Information Security

1. Product Information
===========================
BMC BladeLogic Server Automation (BSA) is an enterprise management solution, which allows its customers to quickly and securely provision, configure, patch, and maintain physical, virtual, and cloud servers.
It is available for Linux and Windows and runs as a privileged network daemon on the supervised servers.
For more information, please refer to http://www.bmcsoftware.com.au/it-solutions/bladelogic-server-automation.
html

2. Vulnerability Summary
===========================
A logic flaw in the authentication process of BSA's network daemon (rscd) could allow a remote attacker to execute several commands without providing a valid client certificate or valid credentials.
Amongst the affected commands, the REMOTE_COPY_DIRECTORY feature performs a recursive dump of an arbitrary directory, with the daemon's privileges (root).
This could allow an attacker to retrieve any file from the remote system, e.g. /etc/shadow.

3. Remediation Steps
===========================
It is recommended to upgrade your BSA <= 8.7 for Linux installation by performing one of the following:
- Apply BSA 8.7 Patch 3
- Upgrade to BSA >= 8.8
These downloads are available on BMC's Electronic Product Distribution website at http://www.bmc.com/available/epd.html

4. Disclosure Timeline
===========================
02/04/2016: Vendor notified
05/04/2016: Vulnerability confirmed
06/05/2016: Fix available for BSA 8.7
14/06/2016: BSA 8.8, containing a fix for CVE-2016-4322, is released
05/09/2016: Coordinated public disclosure

</pre></body></html>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus