mailing list archives
Vulnerability Report: EMC Centera Universal Access
From: Aaron Brown <Aaron.Brown () admeritia de>
Date: Wed, 23 Jul 2008 19:09:27 +0200
adMERITia Vulnerability Report
Product: Centera Universal Access
Vulnerability Type: Software Flaw
Vulnerability: SQL Injection
Impact: Attacker can bypass the authentication method and will be logged in as an arbitrary user. With specific
knowledge of user names it is possible for an attacker to choose the user he/she wishes to log in as without a password.
Description: The user name field of the CUA Module Login does not sanitize user input allowing for an attacker to run
arbitrary SQL code. Through "--" syntax it is possible to comment out the password check allowing an attacker to log in
with the first available user name in the table. After performing this several times or by searching through the
"Accounts" tab within the CUA Module an attacker can gather a list of all users. With this list an attacker can select
an administrator account and log in with this by simply entering the user name followed by "--".
How Vulnerability can be reproduced:
For an arbitrary account enter the following in the user field: ' --
For a targeted account enter the following in the user field: valid_user_name' --
Software Version: CUA4.0_4735.p4
Operating System: Linux i386 V. 220.127.116.11-0.15_VCUA4_0_4735
Fix: (quote from the vendor)
"The remedy for the reported problems has been released on 30 June 2008 and is available on EMC Powerlink as CUA 4.0.1
Patch 1, under "Support -> Software Download"."
Vendor URL: www.emc.com
Vendor was informed of the problem, and was very cooperative in getting a patch developed for the problem. However,
contact was broken off by the vendor after the relevant patch was released. The vendor has not yet published an
advisory stating the reason for the latest patch or the discovered vulnerability in previous versions. This
vulnerability was brought to the attention of the vendor on May 20, 2008 under the policy of responsible disclosure as
documented at http://www.wiretrip.net/rfp/policy.html. After cooperating on a patch the vendor did not respond to
requests to release a public advisory. Therefore we have taken the initiative to alert the public through various
Credit for this vulnerability finding should be given to:
Lars Heidelberg, adMERITia GmbH
Aaron Brown, adMERITia GmbH
The information within this document may change without notice. Use of this information constitutes acceptance for use
in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable
for any consequences whatsoever arising out of or in connection with the use or spread of this information. Any use of
this information lays within the user's responsibility.
Mit freundlichen Grüssen / With kind regards
Der Inhalt dieser E-Mail ist ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene
Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme,
Veröffentlichung, Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail unzulässig ist. Wir bitten Sie, sich in
diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen.
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or
organization to whom they are addressed. Should you not be the intended addressee of this e-mail or his or her
representative, please note that publication, replication of the contents by any means or further communication of the
content is not permissible. Should you have received this e-mail in error, please notify the sender.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Vulnerability Report: EMC Centera Universal Access Aaron Brown (Jul 23)