Arbitrary Command Execution in DataDomain Administrator Interface

2007-03-29T00:00:00
ID SECURITYVULNS:DOC:16515
Type securityvulns
Reporter Securityvulns
Modified 2007-03-29T00:00:00

Description

SUMMARY

An arbitrary command execution vulnerability exists in the command line administration interface of the software used by DataDomain appliances. An attacker who is able to access the administration interface could exploit this vulnerability to install malicious software and use the DataDomain appliance as a base from which to launch attacks on other systems.

AFFECTED SOFTWARE

  • Data Domain OS 3.0.0 through 4.0.3.5

  • Possibly Data Domain OS 2.x and earlier

UNAFFECTED

  • Data Domain OS 4.0.3.6 and later

IMPACT

An attacker who is able to access the administration interface could install malicious software and use the DataDomain appliance as a base from which to launch attacks on other systems. Because its owners may not view the DataDomain appliance as a general-purpose device, they may not suspect that it might be compromised. In that way the attacker might evade detection, even if other compromised systems are discovered and quarantined.

DETAILS

Several of the commands present in the DataDomain administrative interface are very simple wrappers around UNIX commands, including ping, ifconfig, date, netstat, uptime, etc. In several cases, the arguments to these commands are not sufficiently validated before they are passed to the UNIX shell for execution. By using specially crafted arguments, an attacker could inject shell special characters into the shell command line, leading to execution of arbitrary programs.
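As an added illustration (not Data Domain's code; the /sbin paths, the allowlist and the argument patterns are assumptions), the flawed wrapper pattern described above beside a hardened form that validates each argument against a strict allowlist and passes it to execve as a single argv element, so shell special characters are never interpreted:

```python
import re
import subprocess

# Allowlist of wrapped commands and the strict shape each argument must take.
# Interface names: short alphanumeric name with an optional ":N" alias;
# ping targets: RFC 1123 hostname labels. Both patterns are assumptions
# for this example, not Data Domain's own validation rules.
ARG_RULES = {
    "ifconfig": re.compile(r"[a-z][a-z0-9]{0,14}(:[0-9]{1,3})?"),
    "ping": re.compile(
        r"(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
        r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*",
        re.IGNORECASE,
    ),
}


def vulnerable_command_line(cmd, arg):
    """The flawed pattern: the raw argument is concatenated into one string
    that is then handed to a shell, so ';' and friends keep their meaning."""
    return f"/sbin/{cmd} {arg}"


def is_valid_arg(cmd, arg):
    """True only if cmd is allowlisted and arg matches its whole pattern."""
    rule = ARG_RULES.get(cmd)
    return rule is not None and rule.fullmatch(arg) is not None


def safe_argv(cmd, arg):
    """Build an argv list for execve; raises on anything outside the allowlist."""
    if not is_valid_arg(cmd, arg):
        raise ValueError(f"argument rejected for {cmd!r}: {arg!r}")
    return [f"/sbin/{cmd}", arg]


def run_wrapper(cmd, arg):
    # shell=False: the validated argument reaches the program as one argv
    # entry; no shell ever parses it, so metacharacters cannot split the line.
    return subprocess.run(safe_argv(cmd, arg), shell=False,
                          capture_output=True, text=True, check=False)
```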

SOLUTION

Upgrade to DataDomain OS 4.0.3.6 or later.

EXPLOIT

These command lines will launch an interactive UNIX shell:

ifconfig eth0:\;sh ping sh interface eth0:\;

ACKNOWLEDGMENTS

Thanks to DataDomain for fixing this issue quickly and their cooperation in the development of this advisory.

REVISION HISTORY

2007-03-28 original release

-- Elliot Kendall <ekendall@brandeis.edu> Network Security Architect Brandeis University

Trouble replying? See http://people.brandeis.edu/~ekendall/sign/