Opsware网络自动化系统 Root口令信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1193996 漏洞类型 配置错误
发布时间 2006-07-26 更新时间 2006-08-02
CVE编号 CVE-2006-3878 CNNVD-ID CNNVD-200607-448
漏洞平台 N/A CVSS评分 2.1
|漏洞来源
https://cxsecurity.com/issue/WLB-2006070126
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-448
|漏洞详情
Opsware网络自动化系统(NAS)是广泛部署的网络配置和符合性管理(NCCM)解决方案。Opsware对配置脚本的访问权限设置存在漏洞,本地攻击者可能利用此漏洞获取连接MySQL数据库的密码。OpswareNAS6.0的/etc/init.d/mysqll中存在init类型的启动脚本,且在安装中还存在MySQLMAX数据库的root口令。这个shell脚本的权限是完全可读的,这就允许系统中的任何用户都可以入侵root帐号,读取敏感的网络信息,包括所存储或共享的网络设备认证凭据。
|漏洞EXP
The Opsware Network Automation System (NAS) version 6.0 installation
places an 'init' style startup script in /etc/init.d/mysqll and places
the 'root' password that you choose for the MySQL MAX database during
installation.

The permissions on this small shell script are world readable, allowing
any user of the system to compromise the 'root' MySQL account. This
could reveal network intelligence including stored/shared authentication
credentials for network devices.
|参考资料

来源:XF
名称:nas-mysql-plaintext-password(27995)
链接:http://xforce.iss.net/xforce/xfdb/27995
来源:BID
名称:19126
链接:http://www.securityfocus.com/bid/19126
来源:BUGTRAQ
名称:20060727Re:OpswareNAS6.0revealsMySQL'root'password
链接:http://www.securityfocus.com/archive/1/archive/1/441296/100/0/threaded
来源:BUGTRAQ
名称:20060724OpswareNAS6.0revealsMySQL'root'password
链接:http://www.securityfocus.com/archive/1/archive/1/441024/100/0/threaded
来源:SECTRACK
名称:1016566
链接:http://securitytracker.com/id?1016566
来源:SECUNIA
名称:21192
链接:http://secunia.com/advisories/21192
来源:BUGTRAQ
名称:20060824Re:OpswareNAS6.0revealsMySQL'root'password
链接:http://www.securityfocus.com/archive/1/archive/1/444223/100/0/threaded
来源:SREASON
名称:1289
链接:http://securityreason.com/securityalert/1289