EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution

2014-01-08T00:00:00
ID SECURITYVULNS:DOC:30175
Type securityvulns
Reporter Securityvulns
Modified 2014-01-08T00:00:00

Description


tested against: Microsoft Windows Server 2008 R2 SP1, EMC Data Protection Advisor 5.8 SP5

vulnerability: the "DPA Illuminator" service (DPA_Illuminator.exe), listening on public ports 8090 (tcp/http) and 8453 (tcp/https), is vulnerable. It exposes the following servlet:

http://[host]:8090/invoker/EJBInvokerServlet
https://[host]:8453//invoker/EJBInvokerServlet

due to a bundled invoker.war. The result is remote code execution with NT AUTHORITY\SYSTEM privileges.

proof of concept url: http://retrogod.altervista.org/9sg_ejb.html

~rgod~
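
A log check a defender could run for requests that reach the servlet named above, written as an added example that is not part of the original advisory. The Common Log Format is an assumption about the proxy or front end in use, the sample lines are constructed, and the names `normalise` and `scan` are hypothetical.

```python
import posixpath
import re
from urllib.parse import unquote

CONTEXT = "/invoker"                    # web app context shown in the advisory URLs
SERVLET = "/invoker/ejbinvokerservlet"  # servlet path from the advisory, lower-cased

# Assumed Common Log Format: client ident user [time] "METHOD target PROTO" status
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def normalise(target):
    """Reduce a request target to a canonical lower-case path for matching."""
    path = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/?#]*", "", target)  # absolute-form
    path = re.split(r"[?#]", path, maxsplit=1)[0]          # drop query and fragment
    for _ in range(3):                                     # nested percent-encoding
        path = unquote(path)
    path = re.sub(r";[^/]*", "", path.replace("\\", "/"))  # strip path parameters
    path = re.sub(r"/+", "/", path)                        # "//invoker" -> "/invoker"
    return posixpath.normpath(path).lower()                # resolve "." and ".."

def scan(lines):
    """Return one finding per logged request that reaches the /invoker context."""
    findings = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        path = normalise(target)
        if path == CONTEXT or path.startswith(CONTEXT + "/"):
            findings.append({"client": client, "method": method, "path": path,
                             "status": int(status), "servlet": path == SERVLET})
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [08/Jan/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Jan/2014:10:00:05 +0000] "POST /invoker/EJBInvokerServlet HTTP/1.1" 200 1024',
    '198.51.100.7 - - [08/Jan/2014:10:00:09 +0000] "POST //invoker/EJBInvokerServlet HTTP/1.1" 200 1024',
    '203.0.113.4 - - [08/Jan/2014:10:01:00 +0000] "GET /x/..%2finvoker/%45JBInvokerServlet;a=b?q=1 HTTP/1.1" 404 0',
    '192.0.2.10 - - [08/Jan/2014:10:02:00 +0000] "GET /docs/invoker/notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Matching is deliberately case-insensitive and applied after normalisation, so the double-slash form of the URL listed in the advisory is reported the same way as the plain one.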