SAINT Corporation
SAINT:4462E95404B4A08EC0B5793734EC380B
Sep 27, 2017 - 12:00 a.m.

IBM Open Admin Tool SOAP welcomeServer PHP Command Injection

2017-09-27 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.969 High
Percentile: 99.7%

Added: 09/27/2017
CVE: CVE-2017-1092
BID: 98615

Background

IBM Informix Dynamic Server (IDS) is an online transaction processing (OLTP) data server for enterprise and workgroup computing. Open Admin Tool (OAT) is an open source, platform-independent tool providing a graphical interface for administrative tasks and performance analysis for IDS.

Problem

The **welcomeServer** SOAP service does not properly validate user input in the **new_home_page** parameter of the **saveHomePage** method. This allows arbitrary code to be written to the **config.php** file which is accessible directly from the Open Admin web root. If successfully exploited, an unauthenticated user could execute arbitrary code as system admin on Windows servers and as an unprivileged user on *nix servers.
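The bug class described above, shown as an added example that is not Open Admin Tool source code: a request value pasted into PHP source text, next to a hardened writer that allow-lists the value and lets `var_export()` build the literal. The function names, the `$CONF` array, the `HOMEPAGE` key and the allowed character set are assumptions made for illustration.

```php
<?php
// Added illustration; NOT Open Admin Tool source. Function names, $CONF and
// the HOMEPAGE key are hypothetical stand-ins for "a setting that gets
// written into config.php".

// Vulnerable pattern: the request value is pasted into PHP source text.
function render_config_vulnerable(string $newHomePage): string
{
    return "<?php\n\$CONF[\"HOMEPAGE\"]=\"" . $newHomePage . "\";\n";
}

// Hardened pattern: allow-list the value (assumed character set), then let
// var_export() emit the literal so quotes and backslashes are escaped.
function render_config_hardened(string $newHomePage): string
{
    if (!preg_match('/\A[A-Za-z0-9_\/-]{1,64}\z/', $newHomePage)) {
        throw new InvalidArgumentException('invalid home page value');
    }
    return "<?php\n\$CONF['HOMEPAGE'] = "
        . var_export($newHomePage, true) . ";\n";
}

// The tokenizer returns ';' as a bare string only where it ends a statement,
// so this counts statements in the generated file without executing it.
function statement_count(string $phpSource): int
{
    $tokens = token_get_all($phpSource);
    return count(array_filter($tokens, function ($t) {
        return $t === ';';
    }));
}

// Constructed sample inputs; the second closes the string literal early and
// appends a harmless extra assignment.
$benign  = 'welcome';
$crafted = 'welcome"; $CONF["DEMO"]="1"; //';

foreach (['benign' => $benign, 'crafted' => $crafted] as $label => $value) {
    $n = statement_count(render_config_vulnerable($value));
    echo "vulnerable/$label: $n statement(s)\n";
    try {
        $n = statement_count(render_config_hardened($value));
        echo "hardened/$label: $n statement(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "hardened/$label: rejected\n";
    }
}
```

A generated file that contains more statements than the writer intended is the signal that input reached the PHP parser as code rather than as data.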

Resolution

Apply the appropriate patches referenced in IBM Security Bulletin: Vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool.

References

<http://www-01.ibm.com/support/docview.wss?uid=swg22002897>
<https://www.exploit-db.com/exploits/42541/>

Limitations

Exploit works on IBM Open Admin Tool 3.14 on Informix 12.1 Developer Edition (SUSE Linux 11) virtual appliance.

The Open Admin welcome message in **config.php** needs to be restored if the exploit was successful.
