--47eKBCiAZYFK5l32
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
SUMMARY
======
An arbitrary command execution vulnerability exists in the command line
administration interface of the software used by DataDomain appliances.
An attacker who is able to access the administration interface could
exploit this vulnerability to install malicious software and use the
DataDomain appliance as a base from which to launch attacks on other
systems.
AFFECTED SOFTWARE
================
* Data Domain OS 3.0.0 through 4.0.3.5
* Possibly Data Domain OS 2.x and earlier
UNAFFECTED
=========
* Data Domain OS 4.0.3.6 and later
IMPACT
=====
An attacker who is able to access the administration interface could
install malicious software and use the DataDomain appliance as a base
=66rom which to launch attacks on other systems. Because its owners may
not view the DataDomain applicance as a general-purpose device, they
may not suspect that it might be compromised. In that way the attacker
might evade detection, even if other compromised systems are discovered
and quarantined.
DETAILS
======
Several of the commands presents in the DataDomain administrative are
very simple wrappers around UNIX commands, including ping, ifconfig,
date, netstat, uptime, etc. In several cases, the arguments to these
commands are not sufficiently validated before they are passed to the
UNIX shell for execution. By using specially crafted arguments, and
attacker could inject shell special characters into the shell command
line, leading to execution of arbitrary programs.
SOLUTION
=======
Upgrade to DataDomain OS 4.0.3.6 or later
EXPLOIT
======
These command lines will launch an interactive UNIX shell:
ifconfig eth0:\;sh
ping sh interface eth0:\;
ACKNOWLEDGMENTS
==============
Thanks to DataDomain for fixing this issue quickly and their
cooperation in the development of this advisory.
REVISION HISTORY
===============
2007-03-28 original release
--
Elliot Kendall
Network Security Architect
Brandeis University
Trouble replying? See http://people.brandeis.edu/~ekendall/sign/
--47eKBCiAZYFK5l32
Content-Type: application/x-pkcs7-signature
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIIItAYJKoZIhvcNAQcCoIIIpTCCCKECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
BiswggLkMIICTaADAgECAhBggvMqYGnmWTL8QHFRd45JMA0GCSqGSIb3DQEBBQUAMGIxCzAJ
BgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD
VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNjExMjIxOTA3
MzJaFw0wNzExMjIxOTA3MzJaMEcxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIx
JDAiBgkqhkiG9w0BCQEWFWVrZW5kYWxsQGJyYW5kZWlzLmVkdTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAO9eDtuy41oKi2lWSjfmLhH9Essvghz1h96Hqdh+AYkEz1wEJWG5
ovCDBzrekBdRkXB8vN1p8CV4jfyI2u2Ahrbiv33h45ComeVKMc1lUmMTdICfe5SHzj0+0fK2
G2dUHS6t5CEG2Dy1pZBN3+4dyun3VkkYGJB6IYuvGVxwH8YUw8Dc/SmWBOtLTPjDZ8kZVQyC
o+rzDVGFNJVYmjOy9+n0EEgVgNTmgAQGSlWFpR7jnBgjB0ppicKQse9sj/OW33cCHYmcxO85
pYySx+glldHfUiHD2YqNiMOjiBF0n/Q9kLQh/IyzVbRue5efYvwCGSsjb3LBVAHg6JPg+Rcq
zpECAwEAAaMyMDAwIAYDVR0RBBkwF4EVZWtlbmRhbGxAYnJhbmRlaXMuZWR1MAwGA1UdEwEB
/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAmZlx5KZcqutjgUk1vgyPtnx/ptHdLo8iHiyVGrSj
5Hc/zl4+QOLHBQU/0NCAkzPQFSl/LUQYsMefBo9enPIY79OUFO9gThclvpr3WmghB+agvVxf
Skm4VoxKsWtrBX46FDafeRuCGdRxvR1IhT0sc7Un7Rc1J5OitkVwxegEsj8wggM/MIICqKAD
AgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5n
MSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtU
aGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZy
ZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQsw
CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoG
A1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHy
v1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsY
Pge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0T
AQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20v
VGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQe
MBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD
6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZ
GwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC
3CEZNd4ksdMdRv9dX2VPMYICUTCCAk0CAQEwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc
VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs
IEZyZWVtYWlsIElzc3VpbmcgQ0ECEGCC8ypgaeZZMvxAcVF3jkkwCQYFKw4DAhoFAKCBsTAY
BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzAzMjgxOTM4MzFa
MCMGCSqGSIb3DQEJBDEWBBRpSjISoYSlzPpF/OZLn0pdhinayTBSBgkqhkiG9w0BCQ8xRTBD
MAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzAN
BggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQDTvFMoxm+M6lYwguVMYEnfzrVYrdIO
jsgB4ZXGtDNFG37Dz9JtRCsxfitwG7+zhW/vn/mrkGI2NZJrnH/lx6rnDWABzzw+UQARtdSh
Cugs1KxmSX+ESonhidLalnUj0Qr/lBJ8LGcpLSdEgeQ580bBvnNAnLSJnZKHaQJmTAVQh4G0
XF6qAMiRZ4lhZo9tq58RO7m/MIMbyq7hYr/kXo5lUrJt4QvibDZ2Ll2P2qlVxmlfqlOMSUFv
Dqf5k1v16X0+LyObLGfj82NlCg3uLmWP6y2GN2+erse+LNtzS9RQwaJy/4ESDsUnmj7AMYt9
+Kd+QF0f6yzFOQJUie8qYiUG
--47eKBCiAZYFK5l32--